Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.08.2012, 22:55   #1
chillkröte86
 
RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Standard

RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)



Hallo Trojaner-Board-Community,

ich habe hier vor mir einen PC auf dem der GVU-Trojaner 2.07 war/ ist.

Nachdem ich mich etwas im Internet belesen habe, trennte ich den PC zuerst vom Internet und löschte dann nach einem Neustart die Datei "roper0dun.exe".
Diese Schritte wurden auf einer Website beschrieben, welche ich leider nicht mehr vor mir habe. Somit kann ich den Link dorthin leider nicht hier einfügen. Die Seite war blog.botfrei.de.

Nachdem ich den PC nach der Löschung wieder neustartete erschien folgendes Fenster:
Anhang 42333

Jetzt habe ich das Thema "Für alle Hilfesuchenden!" durchgearbeitet und hoffe nichts vergessen zu haben und alles richtig zu machen im Folgenden.

Vorab das der Inhalt des Malware-Logfiles, welches 5 Meldungen beinhaltet:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
MadMax :: TOWER [Administrator]

Schutz: Deaktiviert

31.08.2012 00:01:09
mbam-log-2012-08-31 (00-04-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 184793
Laufzeit: 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\--((Mutex))--.cfg (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\--((Mutex))--.dat (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\--((Mutex))--.xtr (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

Hier die anderen Logfiles:
OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.08.2012 23:21:23 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\MadMax\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,59% Memory free
5,99 Gb Paging File | 5,01 Gb Available in Paging File | 83,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 9,49 Gb Free Space | 11,41% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS
 
Computer Name: TOWER | User Name: MadMax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.30 22:28:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\MadMax\Downloads\OTL.exe
PRC - [2012.08.09 00:10:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.26 21:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\ipoint.exe
PRC - [2012.06.26 21:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\itype.exe
PRC - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:07:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.09 15:13:28 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe
PRC - [2012.01.04 08:07:40 | 000,021,392 | ---- | M] () -- D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.21 07:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.03 00:32:21 | 000,115,137 | ---- | M] () -- C:\Users\MadMax\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll
MOD - [2012.06.14 17:26:40 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.14 17:24:00 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.14 17:23:47 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.14 17:23:36 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.14 17:23:34 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.05.11 23:16:19 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.11 23:06:32 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 23:06:26 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.11 22:58:17 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 22:55:49 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.11 22:55:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.11 22:55:34 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.11 22:55:28 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.01.04 08:07:40 | 000,021,392 | ---- | M] () -- D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- D:\Program Files\Unlocker\UnlockerCOM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.27 18:45:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.05.08 13:07:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 13:07:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.09 14:16:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.29 09:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2011.07.25 20:07:39 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.06.23 08:43:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011.05.13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.05.13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.05.13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.05.13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.11.11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010.11.11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.11.11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.04.24 09:18:40 | 010,472,960 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.08.13 04:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 66 B0 1B 57 13 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9E1E6D1C-20F5-4580-8D22-C017543F7D7A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=70062035-241b-44f7-8eb2-6a86605a1fa6&apn_sauid=5FDF5AF7-FC10-4C5E-9075-5A99C9C0C3C7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MadMax\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MadMax\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.14 20:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
 
[2011.07.25 19:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MadMax\AppData\Roaming\mozilla\Extensions
[2012.07.25 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MadMax\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions
[2012.05.17 16:00:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MadMax\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions\ich@maltegoetz.de
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\askcom.xml
[2012.08.26 21:28:00 | 000,001,018 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\facebook.xml
[2011.09.03 10:25:05 | 000,000,991 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\ponseu--franzsisch--deutsch.xml
[2012.01.14 20:31:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.10.31 21:39:39 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\MADMAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWU37YWT.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MadMax\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = D:\Program Files\Java\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Music Notation Training = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\baflflhaeoafhbeiioodmdmjohkoalio\1_0\
CHR - Extension: YouTube = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Guitar Pro Viewer = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng\0.3.100_0\
CHR - Extension: AdBlock = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: History Eraser = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\2.8_0\
CHR - Extension: Dropbox = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgpbkagmklnpnondomkicjgonpfomdi\1.2_0\
CHR - Extension: Google Maps = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Facebook Notifications = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.10.14 16:53:40 | 000,000,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [KiesPDLR] D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\RunOnce: [RegistryDefrag Success Message] C:\Program Files\TuneUpPortable\App\TuneUp\TUMessages.exe (TuneUp Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{523B399B-3F83-44F8-9622-ED9FDE0CD877}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.30 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Malwarebytes
[2012.08.30 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 22:26:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\MadMax\Desktop\Cyanogenmod7_BU
[2012.08.26 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\MadMax\Desktop\Samsung_BU
[2012.08.26 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\MadMax\Desktop\Handy
[2012.08.21 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Local\Proxure
[2012.08.21 10:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012.08.18 12:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.08.18 12:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012.08.02 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Foxit Software
[2012.08.01 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011.11.06 17:57:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\MadMax\AppData\Roaming\pcouffin.sys
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\MadMax\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\MadMax\Desktop\*.tmp files -> C:\Users\MadMax\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.30 23:18:10 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:18:10 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:10:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 23:09:06 | 000,000,020 | ---- | M] () -- C:\Users\MadMax\defogger_reenable
[2012.08.30 22:51:36 | 000,020,191 | ---- | M] () -- C:\Users\MadMax\Desktop\RunDLL.JPG
[2012.08.30 22:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 22:26:51 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 22:13:55 | 003,694,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 18:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 17:10:00 | 000,001,889 | ---- | M] () -- C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.27 00:39:06 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.27 00:39:06 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.27 00:39:06 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.27 00:39:06 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.24 22:00:12 | 554,727,494 | ---- | M] () -- C:\Users\MadMax\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | M] () -- C:\Users\MadMax\Desktop\Sheep2.JPG
[2012.08.18 15:40:23 | 000,041,429 | ---- | M] () -- C:\Users\MadMax\Desktop\Sheep.JPG
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\MadMax\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\MadMax\Desktop\*.tmp files -> C:\Users\MadMax\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.30 23:08:50 | 000,000,020 | ---- | C] () -- C:\Users\MadMax\defogger_reenable
[2012.08.30 22:51:32 | 000,020,191 | ---- | C] () -- C:\Users\MadMax\Desktop\RunDLL.JPG
[2012.08.30 22:26:51 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 22:13:42 | 003,694,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.30 17:10:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 17:10:00 | 000,001,889 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.26 22:15:45 | 554,727,494 | ---- | C] () -- C:\Users\MadMax\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | C] () -- C:\Users\MadMax\Desktop\Sheep2.JPG
[2012.08.18 15:40:22 | 000,041,429 | ---- | C] () -- C:\Users\MadMax\Desktop\Sheep.JPG
[2012.07.09 04:43:28 | 000,004,608 | ---- | C] () -- C:\Users\MadMax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.07 02:48:50 | 000,007,605 | ---- | C] () -- C:\Users\MadMax\AppData\Local\Resmon.ResmonCfg
[2012.06.05 18:34:53 | 000,380,178 | ---- | C] () -- C:\Users\MadMax\Foto.JPG
[2012.06.05 18:34:53 | 000,376,639 | ---- | C] () -- C:\Users\MadMax\Foto(1).JPG
[2012.05.21 21:15:22 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012.05.21 21:15:22 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.03.14 06:34:34 | 000,004,417 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.cfg
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamShapes.ini
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamLayout.ini
[2012.03.14 06:34:34 | 000,000,046 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\Camdata.ini
[2012.03.14 05:53:42 | 000,001,205 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.Producer.ini
[2012.03.14 05:53:42 | 000,000,000 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.03.14 05:47:17 | 000,000,098 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\CamStudio.Producer.command
[2012.03.14 03:06:39 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2012.03.14 03:05:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012.03.14 03:03:09 | 000,212,992 | ---- | C] () -- C:\Windows\System32\corona.dll
[2012.02.23 21:21:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.02.23 21:21:24 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.02.08 22:21:56 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2012.01.02 09:28:32 | 000,039,880 | ---- | C] () -- C:\Windows\System32\dischandler.exe
[2011.12.27 20:31:20 | 004,342,784 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.12.27 20:31:04 | 000,135,680 | ---- | C] () -- C:\Windows\System32\IntelQuickSyncDecoder.dll
[2011.12.21 18:10:32 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2011.12.21 18:10:26 | 006,266,784 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2011.12.21 18:10:26 | 000,977,648 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2011.12.21 18:10:26 | 000,353,984 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2011.12.21 18:10:26 | 000,202,728 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2011.12.21 18:10:26 | 000,127,384 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.11.06 17:58:21 | 000,001,057 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\vso_ts_preview.xml
[2011.11.06 17:57:09 | 000,087,608 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\inst.exe
[2011.11.06 17:57:09 | 000,007,887 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\pcouffin.cat
[2011.11.06 17:57:09 | 000,001,144 | ---- | C] () -- C:\Users\MadMax\AppData\Roaming\pcouffin.inf
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.08.31 01:02:18 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.08.25 12:19:54 | 000,360,448 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011.08.25 12:19:54 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.08.25 12:19:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.08.25 12:19:53 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2011.07.26 15:07:38 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.07.26 15:06:37 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011.07.25 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
 
========== LOP Check ==========
 
[2012.02.08 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Azureus
[2012.06.06 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Canon
[2011.08.16 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.01 02:02:11 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\DAEMON Tools Lite
[2011.10.22 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Dropbox
[2012.08.02 19:53:14 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Foxit Software
[2012.02.21 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\install
[2012.08.30 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\KeePass
[2012.02.29 01:01:27 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\LG Electronics
[2012.02.29 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\LGSync
[2012.03.14 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\ManyCam
[2012.02.08 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\NaviCoder IDE for Java
[2011.10.16 14:29:51 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Photodex
[2012.02.06 00:59:07 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\PhotoScape
[2011.08.03 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Samsung
[2012.05.13 00:40:57 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\SmartTools
[2011.12.18 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\TeamViewer
[2012.03.28 00:30:00 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Temp
[2011.07.25 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Thunderbird
[2012.05.07 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\TuneUp Software
[2011.12.19 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Ubisoft
[2012.06.17 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\Vso
[2012.04.05 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\MadMax\AppData\Roaming\WebcamMax
[2012.08.02 16:51:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 < End of report >
         
--- --- ---

Extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.08.2012 23:14:51 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\MadMax\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,36% Memory free
5,99 Gb Paging File | 4,80 Gb Available in Paging File | 80,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 9,57 Gb Free Space | 11,50% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS
 
Computer Name: TOWER | User Name: MadMax | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B12C9C5-D7E3-4DCE-96FF-BF1D9A151722}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{17827512-D72F-4719-8552-C7A2D0000176}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1C822C7E-DDAF-4AE6-BECC-46D3702BDFCB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2E214C67-C438-40B0-8DE0-021103789222}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{49208469-CE1E-4547-9E83-30D1C68F30DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B316D39-9AF5-4DD5-B047-5C0ADB8B40FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{552BC7D7-D9AD-4FC7-8162-5261E7C4D44C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5BDA8EDE-136A-4772-BCB9-863AA70A5ED7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E700ABF-FF90-4C95-99AF-B8FCE66FE48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{62F73149-B23E-429A-86C3-7F70E891970C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6782F2D4-82DF-4E44-8C57-B2F0420B0AF4}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office14\outlook.exe | 
"{6E87A77A-E6B2-4010-A34B-6AD5A96548C0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{747CA21E-77CC-451F-BF0E-456DC9230520}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75E2E38D-653F-4FA0-8464-01CB349A6DD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7801F51E-22AE-415B-ACD9-001306242A53}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7B07D8F2-CF43-4851-B8F7-EBCF0DBCD76E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B3C2A6B6-6CF3-475B-9225-23674DFA1B0B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C4302269-80CA-41F2-B38B-636A5B04B82F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C7909E19-7D0E-479F-AE02-3160F26C5F8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA5A2572-37A9-4922-96B2-66ED0E79F65F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DD073A30-5E3C-4094-BA17-E00A26E84210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F0D501DA-9B38-4513-8551-69397E49B941}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F7EE0DBF-E1BC-444E-86D9-E8214128B77F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F9B8F112-4BB9-484A-B3AD-E1679FA34B42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074A703-D01B-4886-9A6B-418242CBA341}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{02371AC0-0D4C-4296-B518-D9F391D597DD}" = dir=in | app=d:\program files\skype\phone\skype.exe | 
"{10DA79B3-2AB5-460E-A3EA-8FD947709A8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{1CB29D73-CD37-451A-8ADE-6B9F91E431DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D8250FC-9B79-4BD5-97BD-AAAAE1A67712}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{2D73BEFF-0A28-4130-9588-783623528D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37EC9A35-D2BB-4417-BA9E-5DD9A4223B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{405C0782-CA81-4600-9F52-8A8F44F2F830}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{50B3BAD3-6872-4530-97A3-A3064A2FD54A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{56FEFD62-83F1-468F-9BD4-E7ECCC1F06B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A240092-B812-4A60-BA55-15AF53665F91}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5C73B7FB-F649-40D9-BCD8-445B0956CF0C}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | 
"{67AF17FD-1454-4E61-8514-6D6CA4409149}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A501EE5-9100-4042-A77E-11637B8D8E91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E950BDD-FC59-4E4F-90FD-67D755135B7C}" = protocol=6 | dir=out | app=system | 
"{718E3F01-B7A2-47A5-ACAE-EC2BE517630A}" = protocol=17 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{75AAF5F8-029B-4E9F-9BC2-E7DB06A4CCBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B106AAE-3CC4-4CBA-A841-DBBB0C52F050}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{92D68B96-26AC-4AEC-8637-E882BA8D9170}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | 
"{A2EF8270-2FCA-4FF1-8350-B2D9279FAA94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A3E7B6FE-2977-4018-A159-36FD3BE9E0E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA830AF9-CAE7-43CC-BA31-735C05A10394}" = protocol=6 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{B01DC67F-F631-43F9-A8E9-C8F18EC946EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C3699F55-BCEB-48BA-8E9E-FECADD84FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0588C35-E1C3-4B3F-99FB-01126B66EC7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E157B909-4492-420C-A43C-A5A5A6247A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5F02387-621B-4647-B4E2-43DA7FE92B7B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"TCP Query User{00143DC8-A272-45D1-9687-9DC09D31968D}D:\program files\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\bin\javaw.exe | 
"TCP Query User{8CBB25CE-3665-4F86-97C0-8F397F0CCA13}D:\program files\bmoworld\bomberman.exe" = protocol=6 | dir=in | app=d:\program files\bmoworld\bomberman.exe | 
"TCP Query User{DC5E37FF-1B17-4E47-8C00-E0CC0ACB751F}C:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"UDP Query User{53A3B85B-ECF6-4B19-8C7D-3201E87F6DBF}C:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"UDP Query User{B22B019C-AEB2-4465-BEB4-5BFCF6B74D28}D:\program files\bmoworld\bomberman.exe" = protocol=17 | dir=in | app=d:\program files\bmoworld\bomberman.exe | 
"UDP Query User{BD37BBE0-4A0B-4B17-A387-DA54A35FAB2E}D:\program files\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{316437CC-FBB8-4F93-AC8F-CFABC3BABAC1}_is1" = OXPDFtoImage Version 2.2.2.24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = eCom
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DukeNukemForever_is1" = Duke Nukem Forever (CREATED BY XEONKING©)
"EA Download Manager" = EA Download Manager
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"pdfsam" = pdfsam
"Picasa 3" = Picasa 3
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SmartToolsAdressfenster-Assistentv2.50" = SmartTools Publishing • Word Adressfenster-Assistent
"SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent
"SmartToolsMusterbrief-Assistentv7.00" = SmartTools Publishing • Word Musterbrief-Assistent
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 7" = TeamViewer 7
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.11
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WebcamMax" = WebcamMax
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Medal of Honor 2010 Deutsch Patch x32" = Medal of Honor 2010 Deutsch Patch x32
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.08.2012 14:10:15 | Computer Name = Tower | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.08.2012 14:11:23 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 30.08.2012 14:11:23 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
[ System Events ]
Error - 30.04.2012 09:07:32 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.04.2012 09:07:33 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 01.05.2012 14:00:49 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 01.05.2012 14:01:11 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 01.05.2012 14:01:12 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 02.05.2012 12:04:18 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 02.05.2012 12:04:39 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 02.05.2012 12:04:40 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 02.05.2012 17:53:19 | Computer Name = Tower | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 02.05.2012 18:14:49 | Computer Name = Tower | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---

Gmer:
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-30 23:39:59
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5 Hitachi_HDT721016SLA380 rev.ST1OA3AA
Running: rzsv3csd.exe; Driver: C:\Users\MadMax\AppData\Local\Temp\kxldipow.sys


---- System - GMER 1.0.15 ----

SSDT            923E479E                                                                                                            ZwCreateSection
SSDT            923E47A8                                                                                                            ZwRequestWaitReplyPort
SSDT            923E47A3                                                                                                            ZwSetContextThread
SSDT            923E47AD                                                                                                            ZwSetSecurityObject
SSDT            923E47B2                                                                                                            ZwSystemDebugControl
SSDT            923E473F                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                            82C3C989 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                              82C5C4E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                                                 82C6387C 4 Bytes  [9E, 47, 3E, 92]
.text           ntoskrnl.exe!KeRemoveQueueEx + 181B                                                                                 82C63BD8 4 Bytes  [A8, 47, 3E, 92]
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                                                                                 82C63C1C 4 Bytes  [A3, 47, 3E, 92]
.text           ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                                                 82C63C98 4 Bytes  [AD, 47, 3E, 92]
.text           ntoskrnl.exe!KeRemoveQueueEx + 192F                                                                                 82C63CEC 4 Bytes  JMP C10DEF73 
.text           ...                                                                                                                 

---- User code sections - GMER 1.0.15 ----

.text           D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[2368] ntdll.dll!DbgUiRemoteBreakin                  7762F17D 1 Byte  [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x6C 0x62 0x70 0x2C ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xD2 0x54 0x33 0x71 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x2A 0xC1 0xA1 0xC5 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x6C 0x62 0x70 0x2C ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xD2 0x54 0x33 0x71 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x2A 0xC1 0xA1 0xC5 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Vielen Dank im Voraus für euere Hilfe!

Geändert von chillkröte86 (30.08.2012 um 23:07 Uhr)

Alt 31.08.2012, 07:25   #2
kira
/// Helfer-Team
 
RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Standard

RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Hilfeleistung - geplante Vorgehensweise:
  • Problemsuche
  • Problembeseitigung/Systembereinigung
  • Verwendete Programme deinstallieren/entfernen
  • Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
starte Malwarebytes Anti-Malware
-> Update ziehen
-> Vollständiger Suchlauf wählen
-> Funde löschen lassen
-> Scanergebnis hier posten!

2.
Hast Du OTL falsch installiert:
OTL muss auf dem Desktop gespechert werden!
Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll!
also entfernen und erneut herunterladen:
-> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Nach installation in der Log-Datei soll etwa so aussehen:
Zitat:
Folder = C:\Users\***\Desktop
3.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Mache Häckchen bei LOP- und Purity-Prüfung
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)
Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 31.08.2012, 13:13   #3
chillkröte86
 
RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Standard

RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)



Hallo Kira,
danke für deine schnelle Antwort!

Zu 1.:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
***:: TOWER [Administrator]

Schutz: Deaktiviert

31.08.2012 12:07:54
mbam-log-2012-08-31 (13-36-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 309790
Laufzeit: 1 Stunde(n), 24 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
D:\Program Files\Electronic Arts\Medal of Honor\Binaries\loader.dll (Riskware.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\--((Mutex))--.cfg (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\--((Mutex))--.dat (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\--((Mutex))--.xtr (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
Zu 2./ 3.:
OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.08.2012 13:49:45 - Run 3
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,08% Memory free
5,99 Gb Paging File | 4,99 Gb Available in Paging File | 83,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 8,52 Gb Free Space | 10,24% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS
 
Computer Name: TOWER | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Device Center\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - D:\Program Files\Unlocker\UnlockerCOM.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- D:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (WCMVCAM) -- C:\Windows\System32\drivers\wcmvcam.sys (Windows (R) Win 7 DDK provider)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdserd) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (UnlockerDriver5) -- D:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 66 B0 1B 57 13 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9E1E6D1C-20F5-4580-8D22-C017543F7D7A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=70062035-241b-44f7-8eb2-6a86605a1fa6&apn_sauid=5FDF5AF7-FC10-4C5E-9075-5A99C9C0C3C7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.14 20:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
 
[2011.07.25 19:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.25 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions
[2012.05.17 16:00:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MadMax\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions\ich@maltegoetz.de
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\askcom.xml
[2012.08.26 21:28:00 | 000,001,018 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\facebook.xml
[2011.09.03 10:25:05 | 000,000,991 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\ponseu--franzsisch--deutsch.xml
[2012.01.14 20:31:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.10.31 21:39:39 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWU37YWT.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = D:\Program Files\Java\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Music Notation Training = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\baflflhaeoafhbeiioodmdmjohkoalio\1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Guitar Pro Viewer = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng\0.3.100_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: History Eraser = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\2.8_0\
CHR - Extension: Dropbox = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgpbkagmklnpnondomkicjgonpfomdi\1.2_0\
CHR - Extension: Google Maps = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Facebook Notifications = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.10.14 16:53:40 | 000,000,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [KiesPDLR] D:\Program Files\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\RunOnce: [RegistryDefrag Success Message] C:\Program Files\TuneUpPortable\App\TuneUp\TUMessages.exe (TuneUp Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{523B399B-3F83-44F8-9622-ED9FDE0CD877}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 12:06:23 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.30 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.30 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 22:26:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Cyanogenmod7_BU
[2012.08.26 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Samsung_BU
[2012.08.26 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Handy
[2012.08.21 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Proxure
[2012.08.21 10:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012.08.18 12:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.08.18 12:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012.08.18 12:16:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.18 12:16:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.18 12:16:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.18 12:16:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.18 12:16:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.18 12:16:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.18 12:16:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.18 12:10:58 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.18 12:10:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.18 12:10:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.02 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.08.01 15:16:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011.11.06 17:57:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[30 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 13:45:59 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 13:45:59 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 13:44:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 13:38:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 12:06:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.30 23:09:06 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.30 22:51:36 | 000,020,191 | ---- | M] () -- C:\Users\***\Desktop\RunDLL.JPG
[2012.08.30 22:26:51 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 18:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.27 18:45:05 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.27 18:45:05 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.27 00:39:06 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.27 00:39:06 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.27 00:39:06 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.27 00:39:06 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.24 22:00:12 | 554,727,494 | ---- | M] () -- C:\Users\***\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | M] () -- C:\Users\***\Desktop\Sheep2.JPG
[2012.08.18 15:40:23 | 000,041,429 | ---- | M] () -- C:\Users\***\Desktop\Sheep.JPG
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.30 23:08:50 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.30 22:51:32 | 000,020,191 | ---- | C] () -- C:\Users\***\Desktop\RunDLL.JPG
[2012.08.30 22:26:51 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 17:10:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.26 22:15:45 | 554,727,494 | ---- | C] () -- C:\Users\***\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | C] () -- C:\Users\***\Desktop\Sheep2.JPG
[2012.08.18 15:40:22 | 000,041,429 | ---- | C] () -- C:\Users\***\Desktop\Sheep.JPG
[2012.07.09 04:43:28 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.07 02:48:50 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.05 18:34:53 | 000,380,178 | ---- | C] () -- C:\Users\***\Foto.JPG
[2012.06.05 18:34:53 | 000,376,639 | ---- | C] () -- C:\Users\***\Foto(1).JPG
[2012.05.21 21:15:22 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012.05.21 21:15:22 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.03.14 06:34:34 | 000,004,417 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2012.03.14 06:34:34 | 000,000,046 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2012.03.14 05:53:42 | 000,001,205 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.ini
[2012.03.14 05:53:42 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.03.14 05:47:17 | 000,000,098 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.command
[2012.03.14 03:06:39 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2012.03.14 03:05:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012.03.14 03:03:09 | 000,212,992 | ---- | C] () -- C:\Windows\System32\corona.dll
[2012.02.23 21:21:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.02.23 21:21:24 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.02.08 22:21:56 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2012.01.02 09:28:32 | 000,039,880 | ---- | C] () -- C:\Windows\System32\dischandler.exe
[2011.12.27 20:31:20 | 004,342,784 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.12.27 20:31:04 | 000,135,680 | ---- | C] () -- C:\Windows\System32\IntelQuickSyncDecoder.dll
[2011.12.21 18:10:32 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2011.12.21 18:10:26 | 006,266,784 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2011.12.21 18:10:26 | 000,977,648 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2011.12.21 18:10:26 | 000,353,984 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2011.12.21 18:10:26 | 000,202,728 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2011.12.21 18:10:26 | 000,127,384 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.11.06 17:58:21 | 000,001,057 | ---- | C] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml
[2011.11.06 17:57:09 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2011.11.06 17:57:09 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2011.11.06 17:57:09 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.08.31 01:02:18 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.08.25 12:19:54 | 000,360,448 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011.08.25 12:19:54 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.08.25 12:19:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.08.25 12:19:53 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2011.07.26 15:07:38 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.07.26 15:06:37 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011.07.25 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
 
========== LOP Check ==========
 
[2012.02.08 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2012.06.06 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.08.16 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.01 02:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.10.22 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.08.02 19:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.02.21 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\install
[2012.08.30 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2012.02.29 01:01:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LG Electronics
[2012.02.29 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LGSync
[2012.03.14 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ManyCam
[2012.02.08 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NaviCoder IDE for Java
[2011.10.16 14:29:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Photodex
[2012.02.06 00:59:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2011.08.03 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.05.13 00:40:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools
[2011.12.18 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.28 00:30:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.07.25 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.05.07 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.12.19 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.06.17 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2012.04.05 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WebcamMax
[2012.08.02 16:51:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 < End of report >
         
--- --- ---


Extra:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.08.2012 13:49:45 - Run 3
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,08% Memory free
5,99 Gb Paging File | 4,99 Gb Available in Paging File | 83,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 8,52 Gb Free Space | 10,24% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,14 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS
 
Computer Name: TOWER | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B12C9C5-D7E3-4DCE-96FF-BF1D9A151722}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{17827512-D72F-4719-8552-C7A2D0000176}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1C822C7E-DDAF-4AE6-BECC-46D3702BDFCB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2E214C67-C438-40B0-8DE0-021103789222}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{49208469-CE1E-4547-9E83-30D1C68F30DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B316D39-9AF5-4DD5-B047-5C0ADB8B40FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{552BC7D7-D9AD-4FC7-8162-5261E7C4D44C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5BDA8EDE-136A-4772-BCB9-863AA70A5ED7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E700ABF-FF90-4C95-99AF-B8FCE66FE48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{62F73149-B23E-429A-86C3-7F70E891970C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6782F2D4-82DF-4E44-8C57-B2F0420B0AF4}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office14\outlook.exe | 
"{6E87A77A-E6B2-4010-A34B-6AD5A96548C0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{747CA21E-77CC-451F-BF0E-456DC9230520}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75E2E38D-653F-4FA0-8464-01CB349A6DD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7801F51E-22AE-415B-ACD9-001306242A53}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7B07D8F2-CF43-4851-B8F7-EBCF0DBCD76E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B3C2A6B6-6CF3-475B-9225-23674DFA1B0B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C4302269-80CA-41F2-B38B-636A5B04B82F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C7909E19-7D0E-479F-AE02-3160F26C5F8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA5A2572-37A9-4922-96B2-66ED0E79F65F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DD073A30-5E3C-4094-BA17-E00A26E84210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F0D501DA-9B38-4513-8551-69397E49B941}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F7EE0DBF-E1BC-444E-86D9-E8214128B77F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F9B8F112-4BB9-484A-B3AD-E1679FA34B42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074A703-D01B-4886-9A6B-418242CBA341}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{02371AC0-0D4C-4296-B518-D9F391D597DD}" = dir=in | app=d:\program files\skype\phone\skype.exe | 
"{10DA79B3-2AB5-460E-A3EA-8FD947709A8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{1CB29D73-CD37-451A-8ADE-6B9F91E431DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D8250FC-9B79-4BD5-97BD-AAAAE1A67712}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{2D73BEFF-0A28-4130-9588-783623528D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37EC9A35-D2BB-4417-BA9E-5DD9A4223B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{405C0782-CA81-4600-9F52-8A8F44F2F830}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{50B3BAD3-6872-4530-97A3-A3064A2FD54A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{56FEFD62-83F1-468F-9BD4-E7ECCC1F06B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A240092-B812-4A60-BA55-15AF53665F91}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5C73B7FB-F649-40D9-BCD8-445B0956CF0C}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | 
"{67AF17FD-1454-4E61-8514-6D6CA4409149}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A501EE5-9100-4042-A77E-11637B8D8E91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E950BDD-FC59-4E4F-90FD-67D755135B7C}" = protocol=6 | dir=out | app=system | 
"{718E3F01-B7A2-47A5-ACAE-EC2BE517630A}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{75AAF5F8-029B-4E9F-9BC2-E7DB06A4CCBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B106AAE-3CC4-4CBA-A841-DBBB0C52F050}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{92D68B96-26AC-4AEC-8637-E882BA8D9170}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | 
"{A2EF8270-2FCA-4FF1-8350-B2D9279FAA94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A3E7B6FE-2977-4018-A159-36FD3BE9E0E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA830AF9-CAE7-43CC-BA31-735C05A10394}" = protocol=6 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{B01DC67F-F631-43F9-A8E9-C8F18EC946EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C3699F55-BCEB-48BA-8E9E-FECADD84FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0588C35-E1C3-4B3F-99FB-01126B66EC7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E157B909-4492-420C-A43C-A5A5A6247A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5F02387-621B-4647-B4E2-43DA7FE92B7B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"TCP Query User{00143DC8-A272-45D1-9687-9DC09D31968D}D:\program files\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\bin\javaw.exe | 
"TCP Query User{8CBB25CE-3665-4F86-97C0-8F397F0CCA13}D:\program files\bmoworld\bomberman.exe" = protocol=6 | dir=in | app=d:\program files\bmoworld\bomberman.exe | 
"TCP Query User{DC5E37FF-1B17-4E47-8C00-E0CC0ACB751F}C:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"UDP Query User{53A3B85B-ECF6-4B19-8C7D-3201E87F6DBF}C:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"UDP Query User{B22B019C-AEB2-4465-BEB4-5BFCF6B74D28}D:\program files\bmoworld\bomberman.exe" = protocol=17 | dir=in | app=d:\program files\bmoworld\bomberman.exe | 
"UDP Query User{BD37BBE0-4A0B-4B17-A387-DA54A35FAB2E}D:\program files\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{316437CC-FBB8-4F93-AC8F-CFABC3BABAC1}_is1" = OXPDFtoImage Version 2.2.2.24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = eCom
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DukeNukemForever_is1" = Duke Nukem Forever (CREATED BY XEONKING©)
"EA Download Manager" = EA Download Manager
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"pdfsam" = pdfsam
"Picasa 3" = Picasa 3
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SmartToolsAdressfenster-Assistentv2.50" = SmartTools Publishing • Word Adressfenster-Assistent
"SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent
"SmartToolsMusterbrief-Assistentv7.00" = SmartTools Publishing • Word Musterbrief-Assistent
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 7" = TeamViewer 7
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.11
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WebcamMax" = WebcamMax
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Medal of Honor 2010 Deutsch Patch x32" = Medal of Honor 2010 Deutsch Patch x32
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 30.08.2012 14:14:18 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 30.08.2012 14:25:50 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 30.08.2012 14:30:36 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 30.08.2012 14:34:49 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 30.08.2012 21:22:38 | Computer Name = Tower | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\smarttools\word
 adressfenster-assistent\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "d:\program files\smarttools\word adressfenster-assistent\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 30.08.2012 21:22:39 | Computer Name = Tower | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\smarttools\word
 falz & lochmarken-assistent\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "d:\program files\smarttools\word falz & lochmarken-assistent\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 30.08.2012 21:22:40 | Computer Name = Tower | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\smarttools\word
 musterbrief-assistent\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "d:\program files\smarttools\word musterbrief-assistent\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
[ System Events ]
Error - 30.04.2012 09:07:32 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.04.2012 09:07:33 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 01.05.2012 14:00:49 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 01.05.2012 14:01:11 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 01.05.2012 14:01:12 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 02.05.2012 12:04:18 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 02.05.2012 12:04:39 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 02.05.2012 12:04:40 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 02.05.2012 17:53:19 | Computer Name = Tower | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 02.05.2012 18:14:49 | Computer Name = Tower | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---


Zu 4.:
Code:
ATTFilter
Adobe AIR	Adobe Systems Incorporated	14.01.2012		3.1.0.4880
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	27.08.2012	6,00MB	11.4.402.265
Avira Free Antivirus	Avira	09.08.2012	104MB	12.0.0.1167
BMO WORLD 4.4.0	Broomop And Schthack	11.03.2012		4.4.0
CanoScan Toolbox Ver4.5		26.07.2011		
CCleaner	Piriform	22.08.2012		3.22
DAEMON Tools Lite	DT Soft Ltd	16.02.2012		4.45.3.0297
DivX-Setup	DivX, LLC	14.01.2012		2.6.1.5
DivxToDVD 0.5.2b	VSO-Software SARL	16.06.2012		0.5.2b
Dual-Core Optimizer	AMD	14.01.2012	86,0KB	1.1.4.0169
Duke Nukem Forever (CREATED BY XEONKING©)		16.01.2012		1.0
EA Download Manager	Electronic Arts, Inc.	14.01.2012		6.0.4.124
EA Download Manager UI	Electronic Arts	14.01.2012		6.0.4.124
eCom	Sonix	21.05.2012		5.18.1209.102
Foxit Reader	Foxit Corporation	02.08.2012	36,1MB	5.3.1.606
Google Chrome	Google Inc.	13.02.2012		20.0.1132.43
HTC Driver Installer	HTC Corporation	22.07.2012	1,84MB	3.0.0.007
Java(TM) 6 Update 31	Oracle	24.03.2012	95,1MB	6.0.310
Java(TM) 7 Update 5	Oracle	22.07.2012	99,3MB	7.0.50
JavaFX 2.1.1	Oracle Corporation	22.07.2012	20,8MB	2.1.1
JDownloader 0.9	AppWork GmbH	06.02.2012		0.9
KeePass Password Safe 2.17	Dominik Reichl	11.12.2011	5,41MB	
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	30.08.2012	18,7MB	1.62.0.1300
Medal of Honor (TM)	Electronic Arts	14.01.2012	7,22GB	1.0.0.0
Medal of Honor 2010 Deutsch Patch x32		14.01.2012		
Media Player Codec Pack 4.1.3	Media Player Codec Pack	11.01.2012		4.1.3
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.08.2011	38,8MB	4.0.30320
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	03.08.2011	2,93MB	4.0.30320
Microsoft Office Professional Plus 2010	Microsoft Corporation	25.08.2011		14.0.6029.1000
Microsoft Silverlight	Microsoft Corporation	11.05.2012	104MB	5.1.10411.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.01.2012	298KB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	18.12.2011	240KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.07.2011	596KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.07.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	16.10.2011	16,5MB	10.0.40219
Microsoft-Maus- und Tastatur-Center	Microsoft Corporation	18.08.2012		1.1.500.0
Mozilla Firefox 15.0 (x86 de)	Mozilla	30.08.2012	50,3MB	15.0
Mozilla Firefox 5.0 (x86 de)	Mozilla	25.07.2011	31,1MB	5.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	26.07.2011	35,0KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.07.2011	1,33MB	4.20.9876.0
MyFreeCodec		25.07.2011		
NVIDIA Grafiktreiber 275.33	NVIDIA Corporation	03.02.2012		275.33
NVIDIA PhysX	NVIDIA Corporation	14.01.2012	119MB	9.09.0203
OXPDFtoImage Version 2.2.2.24	OXPDF, Inc.	07.05.2012	32,7MB	2.2.2.24
pdfsam		07.05.2012		2.2.1
Picasa 3	Google, Inc.	01.07.2012		3.8
PL-2303 USB-to-Serial		20.02.2012		
Samsung CLP-310 Series	Samsung Electronics CO.,LTD	26.07.2011		
Samsung Kies	Samsung Electronics Co., Ltd.	03.08.2011	184MB	2.0.1.11053_66
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	31.07.2012	37,9MB	1.3.450.0
Skype™ 5.10	Skype Technologies S.A.	24.08.2012	19,4MB	5.10.116
SmartTools Publishing • Word Adressfenster-Assistent	SmartTools Publishing	13.05.2012		v2.50
SmartTools Publishing • Word Falz & Lochmarken-Assistent	SmartTools Publishing	13.05.2012		v6.50
SmartTools Publishing • Word Musterbrief-Assistent	SmartTools Publishing	13.05.2012		v7.00
SpeedFan (remove only)		14.01.2012		
TeamViewer 7	TeamViewer	12.06.2012		7.0.12979
Ubisoft Game Launcher	UBISOFT	18.12.2011		1.0.0.0
Unlocker 1.9.1	Cedrick Collomb	01.08.2012		1.9.1
ViewSonic Windows 7 Signed Files		06.02.2012		
VLC media player 1.1.11	VideoLAN	06.11.2011		1.1.11
VSO CopyToDVD 4	VSO Software	16.06.2012	126MB	4.3.1.12c
WebcamMax		05.04.2012		7.1.7.2.MultiLanguage
WinRAR 4.01 (32-Bit)	win.rar GmbH	25.07.2011		4.01.0
         
Ich hoffe ich habe jetzt alles richtig und komplett hier eingestellt.
__________________

Alt 01.09.2012, 00:54   #4
kira
/// Helfer-Team
 
RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Standard

RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)



Systemreinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9E1E6D1C-20F5-4580-8D22-C017543F7D7A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=70062035-241b-44f7-8eb2-6a86605a1fa6&apn_sauid=5FDF5AF7-FC10-4C5E-9075-5A99C9C0C3C7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\askcom.xml
[2012.08.26 21:28:00 | 000,001,018 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\facebook.xml
[2012.08.30 18:50:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.30 17:10:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 5 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.
Tipp: -> Java-Updates konfigurieren

3.
Alle Programme/Fenster schliessen
Java-Cache leeren

Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK
-> Wie leere ich den Java-Cache?
-> Java-Cache leeren
-> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann.

4.
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!:
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

5.
Alle Programme/Fenster schliessen
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

6.
Vorbereitung
  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während der Online-Scans deaktivieren:
    Anti-Virus-Programm und Firewall.
  • Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
  • unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
    Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
  • Während der Online-Scans auf andere Online-Aktivitäten verzichten.
  • Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.


  • .

Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
  • Eset Online Scanner (NOD32)
    • Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
    • Dein Anti-Virus-Programm während des Scans deaktivieren.
    • Button "ESET Online Scanner" drücken.
    • IE-User müssen das Installieren eines ActiveX Elements erlauben.
    • Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
    • Einen Haken bei "Remove found threads" und "Scan archives" machen.
    • Start drücken.
    • Signaturen werden heruntergeladen.
    • Der Scan beginnt automatisch.
    • Wenn fertig, das Protokoll speichern und mir posten.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantäne files
    • Finish drücken.
    • Browser schließen.
    • Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
    • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

7.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 01.09.2012, 12:42   #5
chillkröte86
 
RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Standard

RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)



OK, habe jetzt alle deine Schritte nacheinander abgearbeitet. Bisher kam beim Neustart schon keine Fehlermeldung mehr =)

Hier das Logfile des Eset Online Scanner (NOD32):
Code:
ATTFilter
L:\programme_cds\Unlocker1.9.1-x64.exe	Win32/Adware.ADON application	cleaned by deleting - quarantined
L:\programme_cds\Unlocker1.9.1.exe	Win32/Adware.ADON application	cleaned by deleting - quarantined
L:\programme_cds\Handy\SuperOneClickv2.3.3.zip	multiple threats	deleted - quarantined
L:\programme_cds\Handy\SOC\Exploits\psneuter	Android/Exploit.Lotoor.AK trojan	cleaned by deleting - quarantined
L:\programme_cds\Handy\SOC\Exploits\zergRush	Android/Exploit.Lotoor.AN trojan	cleaned by deleting - quarantined

trojan	deleted - quarantined
         

Hier die neuen OTL-Logfiles:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.09.2012 13:22:46 - Run 4
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,56% Memory free
5,99 Gb Paging File | 3,56 Gb Available in Paging File | 59,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 8,80 Gb Free Space | 10,58% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,32 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 456,43 Gb Free Space | 49,00% Space Free | Partition Type: NTFS
Drive M: | 232,88 Gb Total Space | 25,37 Gb Free Space | 10,89% Space Free | Partition Type: NTFS
 
Computer Name: TOWER | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.31 12:06:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.08.30 14:34:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.08.27 18:45:05 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012.08.22 18:17:04 | 003,113,312 | ---- | M] (Piriform Ltd) -- C:\Programme\CCleaner\CCleaner.exe
PRC - [2012.08.09 00:10:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.26 21:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\ipoint.exe
PRC - [2012.06.26 21:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\itype.exe
PRC - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:07:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.09 15:13:28 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.21 07:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.01 02:30:52 | 000,015,848 | ---- | M] () -- D:\Program Files\Java\bin\jp2native.dll
MOD - [2012.08.30 14:34:31 | 002,242,528 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.08.27 18:45:05 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012.08.22 22:20:54 | 000,035,840 | ---- | M] () -- C:\Programme\CCleaner\Lang\lang-1031.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- D:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.27 18:45:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 13:07:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 13:07:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.09 15:13:22 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.04.18 20:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.05.08 13:07:15 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 13:07:15 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.09 14:16:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.29 09:04:22 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2011.07.25 20:07:39 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.06.23 08:43:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011.05.13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.05.13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.05.13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.05.13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.11.11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010.11.11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.11.11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- D:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.04.24 09:18:40 | 010,472,960 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.08.13 04:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 66 B0 1B 57 13 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: D:\Program Files\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: D:\Program Files\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.14 20:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.08.30 14:34:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.08.02 19:37:36 | 000,000,000 | ---D | M]
 
[2011.07.25 19:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.25 16:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions
[2012.05.17 16:00:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vwu37ywt.default\extensions\ich@maltegoetz.de
[2011.09.03 10:25:05 | 000,000,991 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vwu37ywt.default\searchplugins\ponseu--franzsisch--deutsch.xml
[2012.01.14 20:31:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.10.31 21:39:39 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VWU37YWT.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\Application\20.0.1132.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = D:\Program Files\Java\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Music Notation Training = C:\Users\MadMax\AppData\Local\Google\Chrome\User Data\Default\Extensions\baflflhaeoafhbeiioodmdmjohkoalio\1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Guitar Pro Viewer = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng\0.3.100_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: History Eraser = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\2.8_0\
CHR - Extension: Dropbox = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgpbkagmklnpnondomkicjgonpfomdi\1.2_0\
CHR - Extension: Google Maps = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Facebook Notifications = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.10.14 16:53:40 | 000,000,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKCU..\RunOnce: [RegistryDefrag Success Message] C:\Program Files\TuneUpPortable\App\TuneUp\TUMessages.exe (TuneUp Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{523B399B-3F83-44F8-9622-ED9FDE0CD877}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.01 02:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.01 02:30:56 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.01 02:19:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.31 12:06:23 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.30 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.30 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.30 22:26:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.29 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Cyanogenmod7_BU
[2012.08.26 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Samsung_BU
[2012.08.26 22:25:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Handy
[2012.08.21 10:40:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Proxure
[2012.08.21 10:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012.08.18 12:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.08.18 12:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012.08.18 12:16:48 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.18 12:16:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.18 12:16:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.18 12:16:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.18 12:16:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.18 12:16:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.18 12:16:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.18 12:10:58 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.18 12:10:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.18 12:10:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.02 19:49:12 | 000,000,000 | ---D | C] -- C:\Users\MadMax\AppData\Roaming\Foxit Software
[2011.11.06 17:57:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[30 C:\Users\MadMax\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\MadMax\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.01 12:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.01 02:39:01 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.01 02:39:01 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.01 02:39:01 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.01 02:39:01 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.01 02:30:52 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.01 02:30:52 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.01 02:30:52 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.01 02:30:52 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.01 02:30:52 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.01 02:28:18 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 02:28:18 | 000,015,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 02:21:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 12:06:25 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.30 23:09:06 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.30 22:26:51 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.27 18:45:05 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.27 18:45:05 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.24 22:00:12 | 554,727,494 | ---- | M] () -- C:\Users\***\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | M] () -- C:\Users\***\Desktop\Sheep2.JPG
[2012.08.18 15:40:23 | 000,041,429 | ---- | M] () -- C:\Users\***\Desktop\Sheep.JPG
[30 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.30 23:08:50 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.30 22:26:51 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.26 22:15:45 | 554,727,494 | ---- | C] () -- C:\Users\***\Desktop\sommer2012.mp4
[2012.08.18 15:41:55 | 000,035,255 | ---- | C] () -- C:\Users\***\Desktop\Sheep2.JPG
[2012.08.18 15:40:22 | 000,041,429 | ---- | C] () -- C:\Users\***\Desktop\Sheep.JPG
[2012.07.09 04:43:28 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.07 02:48:50 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.05 18:34:53 | 000,380,178 | ---- | C] () -- C:\Users\***\Foto.JPG
[2012.06.05 18:34:53 | 000,376,639 | ---- | C] () -- C:\Users\***\Foto(1).JPG
[2012.05.21 21:15:22 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2012.05.21 21:15:22 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.03.14 06:34:34 | 000,004,417 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2012.03.14 06:34:34 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2012.03.14 06:34:34 | 000,000,046 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2012.03.14 05:53:42 | 000,001,205 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.ini
[2012.03.14 05:53:42 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.03.14 05:47:17 | 000,000,098 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.Producer.command
[2012.03.14 03:06:39 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2012.03.14 03:05:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012.03.14 03:03:09 | 000,212,992 | ---- | C] () -- C:\Windows\System32\corona.dll
[2012.02.23 21:21:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.02.23 21:21:24 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.02.08 22:21:56 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2012.01.02 09:28:32 | 000,039,880 | ---- | C] () -- C:\Windows\System32\dischandler.exe
[2011.12.27 20:31:20 | 004,342,784 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.12.27 20:31:04 | 000,135,680 | ---- | C] () -- C:\Windows\System32\IntelQuickSyncDecoder.dll
[2011.12.21 18:10:32 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2011.12.21 18:10:26 | 006,266,784 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2011.12.21 18:10:26 | 000,977,648 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2011.12.21 18:10:26 | 000,353,984 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2011.12.21 18:10:26 | 000,202,728 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2011.12.21 18:10:26 | 000,127,384 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.11.06 17:58:21 | 000,001,057 | ---- | C] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml
[2011.11.06 17:57:09 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2011.11.06 17:57:09 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2011.11.06 17:57:09 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.08.31 01:02:18 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.08.25 12:19:54 | 000,360,448 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011.08.25 12:19:54 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.08.25 12:19:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2011.08.25 12:19:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.08.25 12:19:53 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys
[2011.07.26 15:07:38 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.07.26 15:06:37 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011.07.25 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
 
========== LOP Check ==========
 
[2012.02.08 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2012.06.06 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.08.16 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.01 02:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.10.22 22:59:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.08.02 19:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.02.21 22:09:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\install
[2012.08.30 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2012.02.29 01:01:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LG Electronics
[2012.02.29 00:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LGSync
[2012.03.14 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ManyCam
[2012.02.08 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NaviCoder IDE for Java
[2011.10.16 14:29:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Photodex
[2012.02.06 00:59:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2011.08.03 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.05.13 00:40:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools
[2011.12.18 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.28 00:30:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.07.25 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.05.07 10:21:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.12.19 00:20:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.06.17 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2012.04.05 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WebcamMax
[2012.08.02 16:51:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.09.2012 13:22:46 - Run 4
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,56% Memory free
5,99 Gb Paging File | 3,56 Gb Available in Paging File | 59,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,19 Gb Total Space | 8,80 Gb Free Space | 10,58% Space Free | Partition Type: NTFS
Drive D: | 65,86 Gb Total Space | 47,32 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
Drive E: | 116,49 Gb Total Space | 28,58 Gb Free Space | 24,53% Space Free | Partition Type: NTFS
Drive I: | 116,29 Gb Total Space | 76,98 Gb Free Space | 66,19% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 456,43 Gb Free Space | 49,00% Space Free | Partition Type: NTFS
Drive M: | 232,88 Gb Total Space | 25,37 Gb Free Space | 10,89% Space Free | Partition Type: NTFS
 
Computer Name: TOWER | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B12C9C5-D7E3-4DCE-96FF-BF1D9A151722}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{17827512-D72F-4719-8552-C7A2D0000176}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1C822C7E-DDAF-4AE6-BECC-46D3702BDFCB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2E214C67-C438-40B0-8DE0-021103789222}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{49208469-CE1E-4547-9E83-30D1C68F30DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B316D39-9AF5-4DD5-B047-5C0ADB8B40FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{552BC7D7-D9AD-4FC7-8162-5261E7C4D44C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5BDA8EDE-136A-4772-BCB9-863AA70A5ED7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E700ABF-FF90-4C95-99AF-B8FCE66FE48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{62F73149-B23E-429A-86C3-7F70E891970C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6782F2D4-82DF-4E44-8C57-B2F0420B0AF4}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office14\outlook.exe | 
"{6E87A77A-E6B2-4010-A34B-6AD5A96548C0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{747CA21E-77CC-451F-BF0E-456DC9230520}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75E2E38D-653F-4FA0-8464-01CB349A6DD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7801F51E-22AE-415B-ACD9-001306242A53}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7B07D8F2-CF43-4851-B8F7-EBCF0DBCD76E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B3C2A6B6-6CF3-475B-9225-23674DFA1B0B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C4302269-80CA-41F2-B38B-636A5B04B82F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C7909E19-7D0E-479F-AE02-3160F26C5F8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA5A2572-37A9-4922-96B2-66ED0E79F65F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DD073A30-5E3C-4094-BA17-E00A26E84210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F0D501DA-9B38-4513-8551-69397E49B941}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F7EE0DBF-E1BC-444E-86D9-E8214128B77F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F9B8F112-4BB9-484A-B3AD-E1679FA34B42}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074A703-D01B-4886-9A6B-418242CBA341}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{02371AC0-0D4C-4296-B518-D9F391D597DD}" = dir=in | app=d:\program files\skype\phone\skype.exe | 
"{10DA79B3-2AB5-460E-A3EA-8FD947709A8F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{1CB29D73-CD37-451A-8ADE-6B9F91E431DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D8250FC-9B79-4BD5-97BD-AAAAE1A67712}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{2D73BEFF-0A28-4130-9588-783623528D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37EC9A35-D2BB-4417-BA9E-5DD9A4223B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{405C0782-CA81-4600-9F52-8A8F44F2F830}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{50B3BAD3-6872-4530-97A3-A3064A2FD54A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{56FEFD62-83F1-468F-9BD4-E7ECCC1F06B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A240092-B812-4A60-BA55-15AF53665F91}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5C73B7FB-F649-40D9-BCD8-445B0956CF0C}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | 
"{67AF17FD-1454-4E61-8514-6D6CA4409149}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A501EE5-9100-4042-A77E-11637B8D8E91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E950BDD-FC59-4E4F-90FD-67D755135B7C}" = protocol=6 | dir=out | app=system | 
"{718E3F01-B7A2-47A5-ACAE-EC2BE517630A}" = protocol=17 | dir=in | app=c:\users\madmax\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{75AAF5F8-029B-4E9F-9BC2-E7DB06A4CCBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B106AAE-3CC4-4CBA-A841-DBBB0C52F050}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{92D68B96-26AC-4AEC-8637-E882BA8D9170}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | 
"{A2EF8270-2FCA-4FF1-8350-B2D9279FAA94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A3E7B6FE-2977-4018-A159-36FD3BE9E0E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA830AF9-CAE7-43CC-BA31-735C05A10394}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{B01DC67F-F631-43F9-A8E9-C8F18EC946EA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C3699F55-BCEB-48BA-8E9E-FECADD84FDFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0588C35-E1C3-4B3F-99FB-01126B66EC7E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E157B909-4492-420C-A43C-A5A5A6247A7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5F02387-621B-4647-B4E2-43DA7FE92B7B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"TCP Query User{00143DC8-A272-45D1-9687-9DC09D31968D}D:\program files\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\bin\javaw.exe | 
"TCP Query User{8CBB25CE-3665-4F86-97C0-8F397F0CCA13}D:\program files\bmoworld\bomberman.exe" = protocol=6 | dir=in | app=d:\program files\bmoworld\bomberman.exe | 
"TCP Query User{DC5E37FF-1B17-4E47-8C00-E0CC0ACB751F}C:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"UDP Query User{53A3B85B-ECF6-4B19-8C7D-3201E87F6DBF}C:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\7dqwmv9y.q30\cx09hopr.oeg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"UDP Query User{B22B019C-AEB2-4465-BEB4-5BFCF6B74D28}D:\program files\bmoworld\bomberman.exe" = protocol=17 | dir=in | app=d:\program files\bmoworld\bomberman.exe | 
"UDP Query User{BD37BBE0-4A0B-4B17-A387-DA54A35FAB2E}D:\program files\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{316437CC-FBB8-4F93-AC8F-CFABC3BABAC1}_is1" = OXPDFtoImage Version 2.2.2.24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft-Maus- und Tastatur-Center
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = eCom
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DukeNukemForever_is1" = Duke Nukem Forever (CREATED BY XEONKING©)
"EA Download Manager" = EA Download Manager
"Foxit Reader_is1" = Foxit Reader
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"pdfsam" = pdfsam
"Picasa 3" = Picasa 3
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SmartToolsAdressfenster-Assistentv2.50" = SmartTools Publishing • Word Adressfenster-Assistent
"SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent
"SmartToolsMusterbrief-Assistentv7.00" = SmartTools Publishing • Word Musterbrief-Assistent
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 7" = TeamViewer 7
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.11
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"WebcamMax" = WebcamMax
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Medal of Honor 2010 Deutsch Patch x32" = Medal of Honor 2010 Deutsch Patch x32
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.09.2012 07:08:50 | Computer Name = Tower | Source = VSS | ID = 8193
Description = 
 
Error - 01.09.2012 07:08:50 | Computer Name = Tower | Source = System Restore | ID = 8193
Description = 
 
Error - 01.09.2012 07:08:52 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 01.09.2012 07:08:52 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 01.09.2012 07:08:52 | Computer Name = Tower | Source = VSS | ID = 8193
Description = 
 
Error - 01.09.2012 07:08:52 | Computer Name = Tower | Source = System Restore | ID = 8193
Description = 
 
Error - 01.09.2012 07:08:57 | Computer Name = Tower | Source = MsiInstaller | ID = 11723
Description = 
 
Error - 01.09.2012 07:10:43 | Computer Name = Tower | Source = VSS | ID = 13
Description = 
 
Error - 01.09.2012 07:10:43 | Computer Name = Tower | Source = VSS | ID = 12292
Description = 
 
Error - 01.09.2012 07:10:43 | Computer Name = Tower | Source = VSS | ID = 8193
Description = 
 
Error - 01.09.2012 07:10:43 | Computer Name = Tower | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 30.04.2012 09:07:33 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 01.05.2012 14:00:49 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 01.05.2012 14:01:11 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 01.05.2012 14:01:12 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 02.05.2012 12:04:18 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 02.05.2012 12:04:39 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 02.05.2012 12:04:40 | Computer Name = Tower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1058
 
Error - 02.05.2012 17:53:19 | Computer Name = Tower | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 02.05.2012 18:14:49 | Computer Name = Tower | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 02.05.2012 18:52:11 | Computer Name = Tower | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
 
< End of report >
         
--- --- ---


Nochmals vielen Dank für deine Hilfe!


Alt 01.09.2012, 13:30   #6
chillkröte86
 
RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Standard

RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)



Beitrag war doppelt gepostet..

Alt 02.09.2012, 08:35   #7
kira
/// Helfer-Team
 
RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Standard

RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)



1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

:Files
C:\Users\***\AppData\Roaming\Azureus
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 04.09.2012, 00:28   #8
chillkröte86
 
RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Standard

RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)



Hier nun das letzte Logfile nach dem Fixen:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
C:\Users\***\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\subs folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\devices folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\***\AppData\Roaming\Azureus folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7581561 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 09042012_011727

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Es treten bisher keine Fehler mehr auf.
Danke dafür!

Alt 04.09.2012, 07:11   #9
kira
/// Helfer-Team
 
RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Standard

RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)



** Lass dein System in der nächste Zeit noch unter Beobachtung!
wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes:

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:
Code:
ATTFilter
CCleaner
         
- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes: also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!

Lesestoff Nr.1:
Gib Kriminellen Handlungen keine Chance!
Zitat:
Sichere regelmäßig deine Daten (Bilder Musik, Dokumente, Mails (als Textdatei), im Browser Lesezeichen usw) auf CD/DVD, USB-Sticks oder externe Festplatten! Am besten 2x an verschiedenen Orten sichern!
  • Wie erstelle ich ein eingeschränktes Benutzerkonto?
  • Software immer auf dem neuesten Stand halten!:
    ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
  • Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox
  • Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
    - Unbekannten E-Mail-Anhang NICHT öffnen!
    - Mails besonders mit Anhang, nicht anklicken, sondern als Text oder in Druckversion anzeigen lassen
  • Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
    auch noch hier unter: Sicheres Kennwort (Password)
    Die fünf häufigsten Passwort-Fehler
  • "Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
    Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Während der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
    so wird oft Art von Adware/Spyware mitinstalliert!
  • NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!
  • Programme und Treiber:
    Nur vom Hersteller!
  • Onlinebanking:
    Gib deine Passwörter niemals preis!
    Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.
  • Computer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
    Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab
  • Wichtige Daten Regelmäßig sichern! - aber denk daran: dein Hauptsystem ist doch kein Lagerhalle!
  • Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
  • Webseiten ohne Gültiges Impressum nicht besuchen
    - Externe Geräte (Festplatte USB-Stick) nicht ständig am PC anschließen, sondern nur kurzfristig während Du etwas sichern möchtest
  • Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse.
    ► Ausserdem machst Du dich damit strafbar!
  • Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
    Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
  • Virenscanner
  • BSI für Bürger
  • SETI@home - [Sicherheit] Sicherheitskonzept

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!
Zitat:
Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -
Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)
adblock, antivir, application/pdf:, autorun, avg, avira, bho, defender, desktop, document, eraser, error, fehler, firefox, flash player, format, google, helper, homepage, install.exe, internet, jdownloader, langs, locker, ntdll.dll, prozessor, registry, scan, security, software, svchost.exe, udp, warnung, windows



Ähnliche Themen: RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)


  1. "DNS_PROBE_FINISHED_NXDOMAIN" Fehler nach Löschung von Viren kein Internet mehr
    Plagegeister aller Art und deren Bekämpfung - 23.09.2015 (7)
  2. RUNDLL Fehler nach Systemstart[2]
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (13)
  3. RUNDLL Fehler nach Systemstart
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (16)
  4. Windows 7 HP: Firewall Fehler Code : 0x6D9 und Rundll Fehler beim Start
    Log-Analyse und Auswertung - 23.09.2013 (22)
  5. Windows Vista RunDLL-Boot-Fehler nach Bundestrojaner-Entfernung (rty0_7z.exe)
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (18)
  6. roper0dun.exe RunDLL Fehler immer nach dem Hochfahren von Windows 7, Exe gelöscht
    Log-Analyse und Auswertung - 25.09.2012 (13)
  7. RunDLL Fehler nach Systemstart (guv-Virus-Verdacht)
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (10)
  8. RunDLL Meldung "Fehler beim Laden von ...roper0dun.exe
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (4)
  9. nach GVU Trojaner, jetzt folgende Fehlermeldung: AppData/local/Temp/roper0dun.exe
    Plagegeister aller Art und deren Bekämpfung - 22.07.2012 (18)
  10. Nach GVU-Trojander RunDLL "glom0_og.exe" fehler
    Log-Analyse und Auswertung - 19.07.2012 (14)
  11. Nach GVU-Trojaner nur noch eingeschränkte Funktion sowie Meldung "roper0dun.exe"
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (11)
  12. Bundespolizei Trojaner, RunDLL Fehler nach Virenscan
    Log-Analyse und Auswertung - 29.03.2012 (3)
  13. RunDll Fehler nach Trojaner-Fund
    Log-Analyse und Auswertung - 26.08.2011 (22)
  14. Rundll-Fehler, unbek. Sys-dateien, aufspringende IE-Fenster, Trojaner ...
    Plagegeister aller Art und deren Bekämpfung - 04.12.2010 (31)
  15. RUNDLL Fehler nach dem Hochfahren.
    Antiviren-, Firewall- und andere Schutzprogramme - 04.10.2010 (3)
  16. Rundll Fehler nach entfernen von Anti Malware Doctor
    Plagegeister aller Art und deren Bekämpfung - 14.06.2010 (3)
  17. RUNDLL iydkhwsp.dll fehler nach beseitigung eines trojaners,...
    Log-Analyse und Auswertung - 25.05.2007 (2)

Zum Thema RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) - Hallo Trojaner-Board-Community, ich habe hier vor mir einen PC auf dem der GVU-Trojaner 2.07 war/ ist. Nachdem ich mich etwas im Internet belesen habe, trennte ich den PC zuerst vom - RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07)...
Archiv
Du betrachtest: RunDLL-Fehler nach roper0dun.exe-Löschung (GVU-Trojaner 2.07) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.