Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Hacktool.Hiderun mit Anti-Malware gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.09.2012, 23:18   #1
Felipe-
 
Hacktool.Hiderun mit Anti-Malware gefunden - Standard

Hacktool.Hiderun mit Anti-Malware gefunden



Hallo liebe Forengemeinde.

Habe nach meinem letzten Virenbefall auf die Aktualität aller Programme geachtet (u.a. mit Secunia) und gehofft, dass ich in Verbindung mit umsichtigem surfen weiteren Problemen aus dem Weg gehen kann.

Bei einem Routine-Test mit Malwarebytes Anti-Malware hab ich jetzt doch einen Virus gefunden: Hacktool.Hiderun

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Felipe_2 :: FELIPE-PC [limited]

07.09.2012 23:38:23
mbam-log-2012-07-30 (15-04-16).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278580
Time elapsed: 18 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\MSI329D.tmp (HackTool.Hiderun) -> No action taken.

(end)
         
Ein OTL Scan brachte folgendes hervor:

Code:
ATTFilter
OTL logfile created on: 08.09.2012 00:10:04 - Run 1
OTL by OldTimer - Version 3.2.61.1     Folder = C:\Users\Felipe_2\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,85% Memory free
7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 68,82 Gb Free Space | 68,89% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 763,23 Gb Free Space | 91,79% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FELIPE-PC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.08 00:09:30 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Felipe_2\Downloads\OTL.exe
PRC - [2012.09.07 21:06:07 | 000,917,984 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla\Firefox\firefox.exe
PRC - [2012.08.31 12:52:05 | 000,388,576 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla\Thunderbird\thunderbird.exe
PRC - [2012.07.30 23:30:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.24 05:46:34 | 000,405,832 | ---- | M] () -- D:\Programme\MSI Afterburner\MSIAfterburner.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- D:\Programme\dradio-Recorder\phonostarTimer.exe
PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- D:\Programme\Secunia\PSI\psia.exe
PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- D:\Programme\Secunia\PSI\sua.exe
PRC - [2011.10.14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- D:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2011.08.03 22:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.07 21:06:07 | 002,244,064 | ---- | M] () -- D:\Programme\Mozilla\Firefox\mozjs.dll
MOD - [2012.08.31 12:52:05 | 002,061,280 | ---- | M] () -- D:\Programme\Mozilla\Thunderbird\mozjs.dll
MOD - [2012.08.31 12:52:05 | 000,157,664 | ---- | M] () -- D:\Programme\Mozilla\Thunderbird\nsldap32v60.dll
MOD - [2012.08.31 12:52:05 | 000,021,984 | ---- | M] () -- D:\Programme\Mozilla\Thunderbird\nsldappr32v60.dll
MOD - [2012.07.24 05:46:34 | 000,405,832 | ---- | M] () -- D:\Programme\MSI Afterburner\MSIAfterburner.exe
MOD - [2012.07.21 08:44:58 | 000,061,440 | ---- | M] () -- D:\Programme\MSI Afterburner\RTMUI.dll
MOD - [2012.07.21 08:44:54 | 000,335,872 | ---- | M] () -- D:\Programme\MSI Afterburner\RTHAL.dll
MOD - [2012.07.21 08:44:38 | 000,225,280 | ---- | M] () -- D:\Programme\MSI Afterburner\RTCore.dll
MOD - [2012.07.21 08:44:30 | 000,147,456 | ---- | M] () -- D:\Programme\MSI Afterburner\RTUI.dll
MOD - [2012.07.21 08:44:22 | 000,061,440 | ---- | M] () -- D:\Programme\MSI Afterburner\RTFC.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- D:\Programme\dradio-Recorder\phonostarTimer.exe
MOD - [2011.04.30 17:04:54 | 000,013,312 | ---- | M] () -- D:\Programme\MSI Afterburner\RTTSH.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.27 21:26:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.25 04:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.22 17:40:58 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.07.30 23:30:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- D:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- D:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.08.03 22:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.03 22:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2012.07.24 05:46:34 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Programme\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 C7 08 80 50 52 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Programme\Mozilla\Firefox\components [2012.09.07 21:06:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Programme\Mozilla\Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.08.31 12:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: D:\Programme\Mozilla\Thunderbird\components [2012.06.24 23:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: D:\Programme\Mozilla\Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.31 12:37:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.07.17 13:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\mozilla\Extensions
[2012.08.10 22:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\mozilla\Firefox\Profiles\txl56xpe.default\extensions
[2012.08.10 22:45:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Felipe\AppData\Roaming\mozilla\Firefox\Profiles\txl56xpe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.31 12:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.25 04:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCDDB11A-1826-44FD-82E3-BFFFC95FE70E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.07 23:31:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.07 23:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.04 23:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports
[2012.09.04 09:49:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.09.04 09:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.09.03 16:30:00 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.09.03 16:29:59 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.09.03 16:29:59 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.09.03 16:29:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.31 17:13:03 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012.08.31 17:13:03 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012.08.31 17:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012.08.31 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012.08.31 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2012.08.31 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012.08.31 12:33:44 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.08.31 12:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.31 12:21:03 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.31 12:21:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.31 12:21:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.31 12:21:01 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.31 12:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.31 12:15:56 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.08.31 12:15:54 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.08.31 12:15:54 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.08.31 12:15:54 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.08.31 12:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.08.31 11:50:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.08.31 11:43:37 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.31 11:23:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.08.31 11:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.08.23 21:42:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.08.23 21:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.23 21:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.23 21:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.08.21 23:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2012.08.21 22:55:57 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Macromedia
[2012.08.21 22:55:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012.08.16 01:05:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 01:05:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 01:05:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 01:05:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 01:05:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 01:05:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 01:05:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 01:05:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 01:05:36 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 01:05:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 01:05:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 01:05:35 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 01:05:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 18:46:15 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.08.15 09:57:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 09:57:43 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 09:57:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 09:57:42 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.10 22:45:18 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.10 22:45:17 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.08.10 22:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.08.10 22:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.07 23:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.07 20:51:51 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 20:51:51 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 20:49:15 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.07 20:49:15 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.07 20:49:15 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.07 20:49:15 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.07 20:49:15 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.07 20:44:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.07 20:44:36 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 23:22:04 | 000,292,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.31 12:20:59 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.31 12:20:59 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.31 12:20:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.31 12:20:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.31 12:20:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.31 12:20:59 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.31 12:19:46 | 000,000,715 | ---- | M] () -- C:\Users\Felipe\Desktop\MSI Afterburner.lnk
[2012.08.31 12:15:52 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.08.31 12:15:52 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.08.31 12:15:52 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.08.31 12:15:52 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.08.31 12:15:52 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.08.31 12:15:52 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.08.31 11:43:37 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.08.27 21:26:39 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.27 21:26:39 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.22 17:40:42 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012.08.22 17:40:42 | 000,017,936 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012.08.15 18:47:47 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.07 23:18:01 | 000,002,333 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.09.07 23:18:01 | 000,002,319 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.09.07 23:18:01 | 000,002,284 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.09.04 09:18:42 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.08.31 17:13:02 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012.07.30 23:30:21 | 000,280,976 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.30 23:30:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

< End of report >
         
Was soll ich tun? Den Virus mit Malwarebytes löschen?

Ich danke für jede Hilfe!

Edit:
Habe den TDSS Killer von Kaspersky laufen lassen, ohne Fund.

Edit2: Habe die Datei mit Anti-Malware in Quarantäne stellen lassen, allerdings findet das Programm bei neuen Suchläufen die infizierte Datei immer wieder. Ist das normal (bis zum endgültigen Löschen aus der Quarantäne)?

Hier noch die Extras.txt von OTL:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.09.2012 00:10:04 - Run 1
OTL by OldTimer - Version 3.2.61.1     Folder = C:\Users\Felipe_2\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,85% Memory free
7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 68,82 Gb Free Space | 68,89% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 763,23 Gb Free Space | 91,79% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FELIPE-PC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0907ED42-5699-41A9-9F81-81533DD602A9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0D7C576E-01ED-43E4-A611-D437CA940AC0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0DF05E08-BF56-4D5D-91DD-9A262F38E40D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{17E0E607-4B8A-4180-A0B4-5F5BD3C7643F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2EA17D11-6245-43AC-AE14-C20ADD8E7B64}" = rport=138 | protocol=17 | dir=out | app=system | 
"{31D2E76E-45AA-421A-A347-CADD27611973}" = lport=137 | protocol=17 | dir=in | app=system | 
"{33A4E6C2-58D2-4102-B34E-DB34134D4A47}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3AA19804-B11C-4AB2-AA99-81540CC2BD7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{41290E52-08CE-42F6-A56E-84875FDB7A9C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{48471CBA-949C-4059-B4F9-B93E4DC49521}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5730C4DA-E1B4-4592-9883-6DA7D8BD3D79}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{58377884-C381-4CEB-86C7-AFC8BF1EC94F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{703DAC49-1DA4-491C-B4BC-8B857A2D44A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{78CB0617-6ED8-4A91-9698-6CB42092EEA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8422F7EA-0BEA-46A6-8D9C-9B6F19DDA97C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8C0E91E7-84B6-4B39-BE44-0CBABC13B6CB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9AA89B4B-2704-4381-BF2B-B5B90A0D685E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9FE13D0C-B320-4727-B898-438A2E56FCE9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DA3EB676-CAC8-4931-AEB5-B5D547FD2827}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA5393E9-CEF8-4108-97D2-85DC05F56EBD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F8C3F0F8-E54E-4F94-8659-41410F871B2D}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC06775-05E4-433E-91C8-07FF8599DF71}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0DCC8F70-F5C0-4740-8B0B-7E79D22AC384}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0E94106F-A8A3-4F83-9D90-C8117AB67E23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1019A90F-049B-43E9-99E4-F12A59401220}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DDF6491-B468-4ED9-9187-BE984C99890C}" = protocol=17 | dir=in | app=d:\programme\2k sports\nba 2k11\nba2k11.exe | 
"{37430C56-B63F-48A2-8688-4044926CEFE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3756818B-D8C8-4F10-A73D-69AB85B18B8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3756939C-E559-4A65-BA8A-EF43C2FF3E03}" = protocol=17 | dir=in | app=d:\programme\assassin's creed revelations\acrsp.exe | 
"{3B26EF41-EF02-4C62-9196-90830B1CF21B}" = protocol=17 | dir=in | app=d:\programme\company of heroes anthology\reliccoh.exe | 
"{3EB3DFC7-E00C-468E-AD99-AAAB6739FE9E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4372F9A8-FA66-4D29-A00D-EEC5FDCB3EE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DF43A45-A534-4BC2-8D71-631CA596674C}" = protocol=6 | dir=in | app=d:\programme\2k sports\nba 2k11\nba2k11.exe | 
"{5275AA96-51C0-4A3E-8383-9FB9CA350E1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5418CAF5-C479-491E-8E52-8C3F1B90FF8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5996D02A-6A6D-45C2-ADA9-B3BD437281CB}" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{5B985991-F6FD-4637-AAD3-DF70DFED7108}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63692F28-6F06-4728-AA47-0017F4E94C21}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{63FB1521-4C28-4137-A31B-BBCFC9492147}" = protocol=17 | dir=in | app=d:\programme\assassin's creed revelations\acrmp.exe | 
"{675EB7DE-4A44-4441-A54F-9740BE3D331E}" = protocol=6 | dir=out | app=system | 
"{6AA946AA-561A-4227-A2C7-DC08D3A52368}" = protocol=6 | dir=in | app=d:\programme\rockstar games\max payne 3\playmaxpayne3.exe | 
"{6AFD2206-D483-42F4-9B55-930A7DC030E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7158A1A4-0EA8-4B85-B71F-05B14BD98452}" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{73607AE2-7393-4AD2-BC8B-0272528C8A7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{76074B55-197C-4A4D-9BF1-C0BD66200349}" = protocol=6 | dir=in | app=d:\programme\company of heroes anthology\reliccoh.exe | 
"{78475540-D9DB-4FBB-9D6F-A62A007B2E74}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7C6E5EE9-CD78-4A9B-9BB5-EF49C8C508FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7D04875E-4B4E-47FF-8710-FA7D5C4FAD4C}" = protocol=17 | dir=in | app=d:\programme\assassin's creed revelations\assassinscreedrevelations.exe | 
"{80387DF5-4139-4A4E-A52F-959A99FB7013}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{84879116-F9BC-49BD-A51A-8209377EBD9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A80F9C4-9D43-45D2-8E6B-80A3F5F7CC98}" = protocol=6 | dir=in | app=d:\programme\company of heroes anthology\relicdownloader\relicdownloader.exe | 
"{8FD13F11-F7F5-4066-BC95-32BB1B741035}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{918DE21F-5EF0-40A2-B739-148B77ACAD71}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{9EB834DA-FECB-4685-BE34-998B8D5B18D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9D9ABE1-70BF-4F63-AD8F-2DAD9B1DDE9B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C3339D7E-06D0-49BD-88C0-478D10FB2CEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D2371D52-C4F5-4544-B039-F9E9B49AC02E}" = protocol=6 | dir=in | app=d:\programme\assassin's creed revelations\acrsp.exe | 
"{D67DBC82-4A2E-4545-9EDE-9A96A9D688C7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E6922A95-3A17-4B7B-AD09-685883CAE3CD}" = protocol=6 | dir=in | app=d:\programme\assassin's creed revelations\assassinscreedrevelations.exe | 
"{E79859D3-CF68-46EC-B162-242892613AB0}" = protocol=17 | dir=in | app=d:\programme\rockstar games\max payne 3\playmaxpayne3.exe | 
"{ECE5A429-AEC7-4BF6-93A4-76685440DFC4}" = protocol=6 | dir=in | app=d:\programme\assassin's creed revelations\acrmp.exe | 
"{EE6652C9-DDDA-4688-BB8F-D5A47EC6389F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7146FE3-218A-48E0-A1E8-B3F8071CE812}" = protocol=17 | dir=in | app=d:\programme\company of heroes anthology\relicdownloader\relicdownloader.exe | 
"TCP Query User{22B85101-01FB-4814-B23E-EE95C199EC3A}D:\programme\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\programme\rockstar games\max payne 3\maxpayne3.exe | 
"TCP Query User{81176EBD-0BD5-4DE4-9ABB-3BD0DEF687A1}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{90787DC0-9509-47C8-8BFB-0CD2BF147F38}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{ECBBF31A-9023-477A-8FB5-72EED766C2C2}C:\users\felipe_2\appdata\local\temp\c84fd0b861cf426a966d7b1ce920cea8\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\felipe_2\appdata\local\temp\c84fd0b861cf426a966d7b1ce920cea8\relicdownloader.exe | 
"UDP Query User{2BD61366-FA7D-4549-9BEE-12713CBA8D02}D:\programme\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\programme\rockstar games\max payne 3\maxpayne3.exe | 
"UDP Query User{41BF51C5-4712-40C4-9A00-0E52033579B2}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{6DB715AE-EA20-49DD-B612-5EBEB42E709C}C:\users\felipe_2\appdata\local\temp\c84fd0b861cf426a966d7b1ce920cea8\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\felipe_2\appdata\local\temp\c84fd0b861cf426a966d7b1ce920cea8\relicdownloader.exe | 
"UDP Query User{A663698F-6732-4C68-B8BE-6B04A23ADA34}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D241AC96-11AC-45C1-A4BA-7A7C6DDCDADD}" = Nitro Reader 2
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.2.3
"Company of Heroes" = Company of Heroes
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"jdownloader09" = JDownloader 0.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Rockstar Games Social Club" = Rockstar Games Social Club
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Ugrib_is1" = Ugrib RC1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.09.2012 02:05:21 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.09.2012 03:49:08 | Computer Name = Felipe-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTAIV.exe, Version: 1.0.7.0, Zeitstempel:
 0x4bd9efbe  Name des fehlerhaften Moduls: GTAIV.exe, Version: 1.0.7.0, Zeitstempel:
 0x4bd9efbe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001a9346  ID des fehlerhaften Prozesses:
 0x9cc  Startzeit der fehlerhaften Anwendung: 0x01cd8a71c0509d31  Pfad der fehlerhaften
 Anwendung: D:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe  Pfad des fehlerhaften
 Moduls: D:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe  Berichtskennung:
 014a20f4-f665-11e1-933d-1c6f65878ead
 
Error - 04.09.2012 04:12:40 | Computer Name = Felipe-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Grand Theft Auto IV" konnte nicht heruntergefahren
 werden.
 
Error - 04.09.2012 14:24:42 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.09.2012 02:48:32 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.09.2012 02:38:42 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.09.2012 14:35:30 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.09.2012 15:56:57 | Computer Name = Felipe-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MaxPayne3.exe, Version: 1.0.0.55,
 Zeitstempel: 0x5037e3a5  Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 8.17.13.142,
 Zeitstempel: 0x4fb20322  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0006eb45  ID des fehlerhaften
 Prozesses: 0xedc  Startzeit der fehlerhaften Anwendung: 0x01cd8c698c15e3f8  Pfad der
 fehlerhaften Anwendung: D:\Programme\Rockstar Games\Max Payne 3\MaxPayne3.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\nvwgf2um.dll  Berichtskennung: 03399239-f85d-11e1-92bd-1c6f65878ead
 
Error - 07.09.2012 03:19:24 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.09.2012 14:46:26 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 361 Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
[ System Events ]
Error - 27.07.2012 11:47:57 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 30.07.2012 03:54:50 | Computer Name = Felipe-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.08.2012 04:31:30 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.08.2012 11:36:58 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 04.08.2012 10:11:46 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 05.08.2012 04:00:12 | Computer Name = Felipe-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.08.2012 05:41:04 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 14.08.2012 04:06:58 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 16.08.2012 05:14:50 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 17.08.2012 11:18:02 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         
--- --- ---

Letztes Update für heute:

Ich habe eine Testversion von der ESET Smart Security installiert, die die Datei MSI329d.tmp nicht als infiziert erkennt. Eine Übertragung in die Quarantäne ist aber, ebenso wie bei Malwarebytes nicht komplett möglich, die Datei bleibt wohl zu teilen - so eine Meldung - im Ordner.
Wie werde ich sie also los?

Gute Nacht erstmal!

Geändert von Felipe- (07.09.2012 um 23:53 Uhr)

Alt 11.09.2012, 08:54   #2
Felipe-
 
Hacktool.Hiderun mit Anti-Malware gefunden - Standard

Hacktool.Hiderun mit Anti-Malware gefunden



Mittlerweile ist es kein Problem mehr, ich habe eine Neuinstallation vorgenommen.
Schönen Dank trotzdem.
Der Thread kann geschlossen werden.

Gruß Felipe
__________________


Antwort

Themen zu Hacktool.Hiderun mit Anti-Malware gefunden
7-zip, adobe, application/pdf:, autorun, bho, cleaner pro, converter, eset smart security, explorer, file, firefox, flash player, format, grand theft auto, hacktool.hiderun, helper, home, install.exe, jdownloader, langs, logfile, löschen, mozilla, mp3, nvidia, nvidia update, pdf, programme, realtek, registry, secunia psi, software, surfen, system, tracker, virus



Ähnliche Themen: Hacktool.Hiderun mit Anti-Malware gefunden


  1. Backdoor.Bot - gefunden durch Malewarebytes Anti Malware
    Plagegeister aller Art und deren Bekämpfung - 10.03.2015 (5)
  2. Mit Malwarebytes-Anti Malware 39 Bedrohungen gefunden
    Lob, Kritik und Wünsche - 07.01.2014 (0)
  3. Mit Malwarebytes-Anti Malware 39 Bedrohungen gefunden
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (7)
  4. pup.optional.conduit mit Anti-Malware gefunden
    Log-Analyse und Auswertung - 23.12.2013 (11)
  5. Adware.Shopper und 2x PUP.Hacktool mit Anti-Malware gefunden !
    Plagegeister aller Art und deren Bekämpfung - 15.04.2013 (1)
  6. Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (14)
  7. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  8. Pup.offerbundler.st und pup.bundlerinstaller.bi mit Malwarebytes Anti-Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (9)
  9. PUP.Blabbers bei Malwarebytes Anti-Malware Scan gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (14)
  10. BKA Trojaner wird von Anti Malware nicht gefunden.
    Log-Analyse und Auswertung - 10.08.2012 (14)
  11. HackTool.Hiderun in c:\windows\installer und Java.Trojan im Cache entdeckt
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (15)
  12. C:\Windows\Installer\MSI50D9.tmp (HackTool.Hiderun)
    Plagegeister aller Art und deren Bekämpfung - 20.07.2012 (17)
  13. MBAM-Seite nicht aufrufbar / MSIBF4D.tmp (HackTool.Hiderun)
    Log-Analyse und Auswertung - 31.01.2012 (1)
  14. Trojan.Agent mit Anti-Malware gefunden!
    Plagegeister aller Art und deren Bekämpfung - 16.12.2010 (17)
  15. 17 Infizierung mit Malwarebytes' Anti-Malware gefunden - Und nun?
    Log-Analyse und Auswertung - 26.05.2010 (1)
  16. Malwarebytes Anti-Malware hat was gefunden
    Plagegeister aller Art und deren Bekämpfung - 27.01.2010 (26)

Zum Thema Hacktool.Hiderun mit Anti-Malware gefunden - Hallo liebe Forengemeinde. Habe nach meinem letzten Virenbefall auf die Aktualität aller Programme geachtet (u.a. mit Secunia) und gehofft, dass ich in Verbindung mit umsichtigem surfen weiteren Problemen aus dem - Hacktool.Hiderun mit Anti-Malware gefunden...
Archiv
Du betrachtest: Hacktool.Hiderun mit Anti-Malware gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.