Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BKA Trojaner und Windows 8 Problem

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.05.2013, 08:31   #1
Sin.Schumi
 
BKA Trojaner und Windows 8 Problem - Standard

BKA Trojaner und Windows 8 Problem



Hallo,

habe mir den BKA Trojaner gefangen...leider hat Windows 8 keinen Abgesicherten Modus

Ich habe es nun nach viel hin und her geschafft über den Taskmanager MBAM zu starten und er hat auch was gefunden.

Nach dem Neustart, versucht er wohl kurz eine Eingabeaufforderung zu starten und er Bildschirm bleibt schwarz.

Ich kann dann nur mit dem Taskmanager arbeiten, dort habe ich versucht Combofix zu starten das funktioniert aber unter Winodws 8 nicht

Wie kann Ich weiter vorgehen ??

Habe schon in der Boardsuche geschaut aber nix gefunden

Gruß Michael

So habe mal mit OTL gescannt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.05.2013 09:45:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 7,18 Gb Available Physical Memory | 91,07% Memory free
9,07 Gb Paging File | 8,40 Gb Available in Paging File | 92,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 161,29 Gb Free Space | 57,72% Space Free | Partition Type: NTFS
Drive D: | 397,87 Gb Total Space | 397,73 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 7,46 Gb Total Space | 7,45 Gb Free Space | 99,92% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: ***** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (ClassicShellService) -- C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GRD) -- C:\Windows\SysNative\Drivers\GRD.sys (G Data Software)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\Drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\Drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\Drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\Drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\Drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\Drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\Drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\Drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\Drivers\kbfiltr.sys ( )
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\Drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys (ASUS)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3612980620-3139492101-4046368682-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
IE - HKU\S-1-5-21-3612980620-3139492101-4046368682-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.n-tv.de/
IE - HKU\S-1-5-21-3612980620-3139492101-4046368682-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3612980620-3139492101-4046368682-1002\..\SearchScopes\{983B869E-25A6-47DC-83C7-66A672AE954F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3612980620-3139492101-4046368682-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3612980620-3139492101-4046368682-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.12 18:16:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.12 18:16:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.02.02 15:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-6PH63.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3612980620-3139492101-4046368682-1002..\RunOnce: [Report] C:\AdwCleaner[S1].txt ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09DAA2AC-AF3C-46E0-B65A-1C39CC2A9174}: DhcpNameServer = 192.168.48.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BDE50E2-98F0-42C0-83A6-A42CBE7DD1B8}: DhcpNameServer = 192.168.48.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\lwir0.bat) - C:\ProgramData\lwir0.bat ()
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\lwir0.bat) - C:\ProgramData\lwir0.bat ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.03 09:41:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics
[2013.05.02 18:58:50 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2013.05.02 18:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.02 18:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.02 18:58:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.02 18:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.02 18:56:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Programs
[2013.05.02 12:37:26 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Documents\Bluetooth Folder
[2013.05.02 09:55:45 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Identities
[2013.05.02 09:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Omep
[2013.05.02 09:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Efuw
[2013.05.02 09:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Acyf
[2013.04.29 19:14:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rfvd.dat
[2013.04.26 08:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2014
[2013.04.15 10:14:17 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013.04.15 10:14:15 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.15 10:14:14 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.04.15 10:14:14 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.04.15 10:14:12 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013.04.15 10:14:11 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.15 10:14:11 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.04.15 10:14:11 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013.04.15 10:14:11 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013.04.15 10:14:11 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013.04.15 10:14:11 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013.04.15 10:14:10 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.04.15 10:14:10 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013.04.15 10:14:10 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.04.15 10:14:10 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.15 10:14:10 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013.04.15 10:14:10 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013.04.15 10:14:09 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.15 10:14:09 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.04.15 10:14:09 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.04.15 10:14:09 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013.04.15 10:14:09 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.04.15 10:14:09 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.04.15 10:14:09 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.04.15 10:14:08 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.04.15 10:14:08 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.04.15 10:14:08 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.04.15 10:14:08 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013.04.15 10:14:08 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013.04.15 10:14:08 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013.04.15 10:14:08 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.15 10:14:08 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013.04.15 10:14:08 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.04.15 10:14:08 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.04.15 10:14:07 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013.04.15 10:14:06 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.04.15 10:14:06 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.04.15 10:14:06 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013.04.15 10:14:06 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.04.15 10:14:06 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013.04.15 10:14:06 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013.04.15 10:14:06 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.04.15 10:14:06 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013.04.15 10:14:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013.04.15 10:14:06 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013.04.15 10:14:06 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013.04.15 10:14:06 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.04.15 10:14:06 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013.04.15 10:14:06 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.04.15 10:14:06 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013.04.15 10:14:06 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013.04.15 10:14:06 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.04.15 10:14:06 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.04.15 10:14:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.04.15 10:14:05 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.04.15 10:14:05 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.04.15 10:14:05 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013.04.15 10:14:05 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013.04.15 10:14:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013.04.15 10:14:05 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.04.15 10:14:05 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013.04.15 10:14:05 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013.04.15 10:14:05 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013.04.15 10:14:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.04.15 10:14:05 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013.04.15 10:14:05 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013.04.12 18:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.04.10 09:38:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 09:38:12 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.04.10 09:38:11 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 09:38:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 09:38:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 09:38:10 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 09:38:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 09:38:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 09:38:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 09:38:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 09:38:04 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 09:37:59 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.04.10 09:37:59 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.03 09:41:15 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.03 09:41:15 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.03 09:41:15 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.03 09:41:15 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.03 09:41:15 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.03 09:40:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 09:38:20 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.05.03 09:38:16 | 2474,246,143 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.02 19:20:37 | 095,023,320 | ---- | M] () -- C:\ProgramData\lwir0.pad
[2013.05.02 19:15:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.02 18:59:57 | 000,710,504 | ---- | M] () -- C:\Windows\is-6PH63.exe
[2013.05.02 18:59:57 | 000,013,521 | ---- | M] () -- C:\Windows\is-6PH63.msg
[2013.05.02 18:59:57 | 000,000,361 | ---- | M] () -- C:\Windows\is-6PH63.lst
[2013.05.02 12:34:55 | 000,000,401 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\sp_data.sys
[2013.05.02 10:10:16 | 000,002,609 | ---- | M] () -- C:\ProgramData\lwir0.js
[2013.05.02 09:55:09 | 000,000,151 | ---- | M] () -- C:\ProgramData\lwir0.reg
[2013.05.02 09:55:09 | 000,000,055 | ---- | M] () -- C:\ProgramData\lwir0.bat
[2013.05.02 09:05:58 | 000,000,176 | ---- | M] () -- C:\Users\Mathias\Desktop\DKB - Deutsche Kreditbank AG - Internet Banking.url
[2013.04.29 20:26:23 | 000,000,000 | ---- | M] () -- C:\ProgramData\do3d9.dat
[2013.04.29 19:14:49 | 000,016,944 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.04.29 19:14:23 | 000,107,128 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.04.29 19:14:06 | 095,023,320 | ---- | M] () -- C:\ProgramData\23lldnur.pad
[2013.04.29 19:14:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rfvd.dat
[2013.04.29 18:56:44 | 095,023,320 | ---- | M] () -- C:\ProgramData\jeq7of.pad
[2013.04.29 18:38:46 | 000,001,031 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.04.29 18:38:45 | 095,023,320 | ---- | M] () -- C:\ProgramData\9d3od.pad
[2013.04.29 18:38:45 | 000,000,152 | ---- | M] () -- C:\ProgramData\jeq7of.reg
[2013.04.29 18:38:45 | 000,000,056 | ---- | M] () -- C:\ProgramData\jeq7of.bat
[2013.04.26 08:59:09 | 000,064,824 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.04.26 08:59:06 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
[2013.04.26 08:59:05 | 000,068,408 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.04.26 08:59:04 | 000,133,976 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.04.26 08:59:04 | 000,064,856 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.04.26 08:59:04 | 000,060,248 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.04.26 08:51:37 | 001,052,127 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.04.26 08:51:37 | 000,054,399 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.04.18 10:13:31 | 000,357,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.02 18:59:57 | 000,710,504 | ---- | C] () -- C:\Windows\is-6PH63.exe
[2013.05.02 18:59:57 | 000,013,521 | ---- | C] () -- C:\Windows\is-6PH63.msg
[2013.05.02 18:59:57 | 000,000,361 | ---- | C] () -- C:\Windows\is-6PH63.lst
[2013.05.02 18:58:45 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.02 10:10:16 | 000,002,609 | ---- | C] () -- C:\ProgramData\lwir0.js
[2013.05.02 09:55:09 | 000,000,151 | ---- | C] () -- C:\ProgramData\lwir0.reg
[2013.05.02 09:55:09 | 000,000,055 | ---- | C] () -- C:\ProgramData\lwir0.bat
[2013.05.02 09:55:05 | 095,023,320 | ---- | C] () -- C:\ProgramData\lwir0.pad
[2013.04.29 19:14:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\23lldnur.pad
[2013.04.29 18:38:46 | 000,001,031 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.04.29 18:38:45 | 000,000,152 | ---- | C] () -- C:\ProgramData\jeq7of.reg
[2013.04.29 18:38:45 | 000,000,056 | ---- | C] () -- C:\ProgramData\jeq7of.bat
[2013.04.29 18:38:41 | 095,023,320 | ---- | C] () -- C:\ProgramData\jeq7of.pad
[2013.04.29 18:38:41 | 095,023,320 | ---- | C] () -- C:\ProgramData\9d3od.pad
[2013.04.29 18:38:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\do3d9.dat
[2013.04.26 08:59:06 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
[2013.04.18 10:13:16 | 000,357,304 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.15 10:14:05 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.03 17:28:54 | 001,052,127 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2013.02.02 17:05:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.02.02 17:04:57 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013.02.02 17:04:57 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2013.02.02 17:04:49 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2013.02.02 15:30:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.01.31 10:51:20 | 000,000,401 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\sp_data.sys
[2012.12.25 17:28:05 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.11.05 09:48:43 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.05 09:48:17 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.05 09:48:13 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.08.17 02:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012.08.17 02:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.25 22:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.02 09:55:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Acyf
[2013.01.31 10:51:23 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\ASUS WebStorage
[2013.01.31 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Canneverbe Limited
[2013.05.02 09:55:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Efuw
[2013.05.02 09:55:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Omep
[2013.02.02 16:44:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TeraCopy
[2013.02.02 15:47:32 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---

Mir ist aufgefallen das Ich OTL Extras vergessen hatte hier der Logfile incl.

Extras:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.05.2013 11:04:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 6,57 Gb Available Physical Memory | 83,43% Memory free
9,07 Gb Paging File | 7,32 Gb Available in Paging File | 80,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 161,28 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
Drive D: | 397,87 Gb Total Space | 397,73 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 7,46 Gb Total Space | 7,45 Gb Free Space | 99,92% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A9B1BC7-3CEE-4AE7-A2BD-02DE73910138}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{328B05D0-AE94-43C9-B35E-85FEE79A9332}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{338D7373-9AA6-490B-BFB2-890CA06F30B7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3C3FDB55-BD0F-45F6-87A9-6BB66043991B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4227A9E0-2E8E-4FF7-B59E-9EAAE8A3FFA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4323EB49-EDE0-4DC7-8CA8-AD934F257B48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D4E1B61-41BD-4862-BE29-5B53C49AF884}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60A8EDC4-44AD-40F4-83E5-5F422A1C96AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73277B6B-9B23-401B-B9A2-6E6AD8AB6F80}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75E44BC4-4167-4FAB-AA88-B7FEA8276635}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{81504E15-1AF7-4038-98A7-A10D357EE633}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{918D8BEC-A0B5-47A8-9F9F-08475325AFB7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{97D98CD1-D5F7-4210-B873-AC84453A03EA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A3E2743F-92D1-45CC-A0C4-FDD105B4B519}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A6950D5B-A973-4B1E-8AB3-16425B8BEE40}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AC49CB6F-8C11-4E66-98CF-63C599EA75CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B8E17F1F-40A4-4C0F-9BB7-1AEE5ECA4DA1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C4A1A675-4B6D-4B44-A77E-8D7831B016D3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DD05CEB7-A8B5-4D37-95E8-DA8DD6CB2583}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DFC64DCF-376C-461E-B2F8-23329C216E8A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E769ED00-5691-4594-AE5A-175A26A612EA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F791F12F-6D1B-461D-86A1-B6C4E802E7F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FB6B82AB-C993-4DBC-B62D-20B487942F53}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055E09A1-BA59-49FD-B29D-DC73BDF59BA2}" = dir=out | name=fresh paint | 
"{09136563-16AE-44B5-B097-9B5BD011F245}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{0919DDDD-645E-4B64-8523-EFD4D49AD6CE}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{0AE313B6-FC2E-4BDB-8622-AA37A1A93477}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{13E8D42C-FA13-4EC6-A768-FA806C8987FC}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{1B623FEF-CD90-4A0B-ADAC-AFB86B5E61B8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{1D7D814E-C416-432E-BD0B-5D5671E93F9C}" = dir=out | name=taptiles | 
"{1DDB340E-614A-4CB2-975B-19E7AD160270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E62A5F0-F42D-4ABF-90D7-CBB72C40FDC3}" = dir=out | name=wordament | 
"{22D37FF7-0BCD-4F54-974C-B135BAA064D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{3B957723-8CB5-4869-92D8-D1AB43AB3F2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E37ADF1-E2B2-483B-822B-F0FF0CDDBD30}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{416CC57E-F5A1-4C0B-A4C6-5EBEF042CA12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{41DFC2C1-C130-49E5-9E16-B39525C90C1F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{44AD1225-84A9-467E-94AD-6EA2E583B114}" = dir=in | name=skype | 
"{47D95D58-D37A-4A65-B81C-73BA96A9549E}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{5297F9F0-5331-4790-BC04-BA3DB67844DB}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{55C856EE-3AD6-4C38-B882-B01126C85F28}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{55F473B2-5E89-4879-86EF-75E44DCB1DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5ACE06EC-1DD7-4310-851D-927B1E8BA2F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5B212471-36FA-4CFC-8755-1A48DB6859DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{712F512E-C96B-45F1-912C-A55C1ED0CFF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7756B4D6-DAA9-4034-BC1F-6F2EDE81EE90}" = dir=out | name=skype | 
"{782BE32F-78DF-42DD-A1C9-F368CFFDA88E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BFA855F-74B5-423F-A6B1-8AC9B570B2BC}" = dir=out | name=microsoft solitaire collection | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{86B70D1E-4225-49DA-BB69-EE8C9DC99998}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{8AB1C969-8C1A-40F3-A232-8155BD8E9252}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{8AC04F04-6BF3-4177-A07F-129DFD6F01CD}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{8CAFB462-D607-4651-AD0D-6128C96076A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8D39836B-8AFD-428C-91FC-848C2C521D09}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{933E412F-6F57-42A6-BDAC-5865BA0724BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{985DF349-E804-44F2-BA01-F4C6DAEDB6C5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{9B5EE251-C609-47CB-A43F-90F82F8B1E91}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{9BFB94AA-5801-4B58-8CAF-28627F7CDDA4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{9EB65DED-DFAA-494E-97E3-47FA24C6450D}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 | 
"{A1BAEEE3-C5EF-4D55-8BDF-D5FE5D7251D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A1C1E39D-AE20-46ED-A1AE-66CBF25999B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2A16C04-1AE8-4E61-9F77-7927AACE8CCC}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A9814F5C-A496-4968-8F11-92312FF22286}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{B09678D9-6D50-444A-8E7A-6E703E564F7B}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{B0CE47D1-1B4C-4A80-8F7C-23B924470050}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B3CDD850-B4F7-44D8-BF48-08727FDD4346}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{C097BF4A-F625-47D0-A84E-A9216B1964E7}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{CCB88DDC-F72D-49ED-884F-0411E34CD6A7}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{CDB042F8-94EC-4759-8A35-30475F7C94DE}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{CE0792F5-5B47-4171-9A3A-7E8F9E247DF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D2651A9C-6D60-4FD7-946D-6E2947871C0C}" = dir=out | name=adera | 
"{D383FFA8-F77A-4B53-B2A2-9F34E7C61A05}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D3E2EBBB-534A-408C-ABC8-01BA4F5F41BF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D7E89D3A-4AAD-4931-B64D-66A149FE6386}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{DCEA62E7-C23C-4524-A7B0-273EDB477FE6}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{DD730AB2-13D3-4BF1-BD62-8B43F00FBCFF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DDC17927-E5A5-4DCB-8036-0C50E7746FBD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E1459733-29DC-4D20-B075-0F381EE9DAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{E57E2073-1030-4007-8187-370EFDE91C11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5BF316C-B104-419E-AF8B-2AA70FB67168}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{F70341DC-4D1F-4B56-935D-272B09040030}" = protocol=6 | dir=out | app=system | 
"{F8714484-ACC1-41B1-85EC-D067FB157B97}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F8F827D9-F1D8-4F9B-88D5-D98760CD68A9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{FB6B1D33-8EA4-4078-8EC4-80006DF46621}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FCF3EF38-C2AB-4C04-AECB-9FD386E3BBA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"5AB9160B769DD2E134ADCB8010377DECA2479378" = Windows-Treiberpaket - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153)
"WinRAR archiver" = WinRAR 4.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{7765322A-8601-47D3-AC60-B66677450D7B}" = G Data InternetSecurity 2014
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 2.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2013 03:48:36 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.12333.289,
 Zeitstempel: 0x50b6db57  Name des fehlerhaften Moduls: AVKBap32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f221ee8  Ausnahmecode: 0xc00001a5  Fehleroffset: 0x72c93e90
ID
 des fehlerhaften Prozesses: 0x740  Startzeit der fehlerhaften Anwendung: 0x01ce35f3c2080953
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
Pfad
 des fehlerhaften Moduls: AVKBap32.dll  Berichtskennung: 0ae10fea-a66a-11e2-be80-08606e8d7c4c
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.04.2013 03:48:46 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.12333.289,
 Zeitstempel: 0x50b6db57  Name des fehlerhaften Moduls: AVKBap32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f221ee8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x72c73d6a
ID
 des fehlerhaften Prozesses: 0x740  Startzeit der fehlerhaften Anwendung: 0x01ce35f3c2080953
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
Pfad
 des fehlerhaften Moduls: AVKBap32.dll  Berichtskennung: 1125b317-a66a-11e2-be80-08606e8d7c4c
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 28.04.2013 03:40:05 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: irtihkh, Version: 0.0.0.0, Zeitstempel:
 0x45d6f9ac  Name des fehlerhaften Moduls: irtihkh, Version: 0.0.0.0, Zeitstempel:
 0x45d6f9ac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005d0d  ID des fehlerhaften Prozesses:
 0x7e4c  Startzeit der fehlerhaften Anwendung: 0x01ce43e394ced345  Pfad der fehlerhaften
 Anwendung: C:\Users\Mathias\AppData\Local\Temp\irtihkh  Pfad des fehlerhaften Moduls:
 C:\Users\Mathias\AppData\Local\Temp\irtihkh  Berichtskennung: d7915bb0-afd6-11e2-be81-08606e8d7c4c
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 29.04.2013 03:03:00 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: spoolsv.exe, Version: 6.2.9200.16384,
 Zeitstempel: 0x501080ef  Name des fehlerhaften Moduls: wsdapi.dll, Version: 6.2.9200.16384,
 Zeitstempel: 0x50108576  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001f587
ID
 des fehlerhaften Prozesses: 0x550  Startzeit der fehlerhaften Anwendung: 0x01ce3c0c9edeb510
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\spoolsv.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\System32\wsdapi.dll  Berichtskennung: d3c83c09-b09a-11e2-be81-08606e8d7c4c
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 29.04.2013 04:14:56 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wdekdjq, Version: 0.0.0.0, Zeitstempel:
 0x3f8676f2  Name des fehlerhaften Moduls: wdekdjq, Version: 0.0.0.0, Zeitstempel:
 0x3f8676f2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005d0d  ID des fehlerhaften Prozesses:
 0x7b10  Startzeit der fehlerhaften Anwendung: 0x01ce44b19d451020  Pfad der fehlerhaften
 Anwendung: C:\Users\Mathias\AppData\Local\Temp\wdekdjq  Pfad des fehlerhaften Moduls:
 C:\Users\Mathias\AppData\Local\Temp\wdekdjq  Berichtskennung: e0179c02-b0a4-11e2-be81-08606e8d7c4c
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 30.04.2013 08:46:13 | Computer Name = Laptop | Source = Brother BrLog | ID = 1001
Description = CTLCN BrtCTLCN: [2013/04/30 14:46:13.276]: [00002776]: brccMCtl.exe:
 ControlCenter3Dlg.cpp (0683)             : -------- Button ID Not Found.  
 
Error - 30.04.2013 09:00:58 | Computer Name = Laptop | Source = Brother BrLog | ID = 1001
Description = CTLCN BrtCTLCN: [2013/04/30 15:00:58.412]: [00002776]: brccMCtl.exe:
 ControlCenter3Dlg.cpp (0683)             : -------- Button ID Not Found.  
 
Error - 02.05.2013 04:22:47 | Computer Name = Laptop | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 02.05.2013 04:22:57 | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1268    Startzeit: 01ce470e31381a39    Endzeit: 4294967295    Anwendungspfad:
 C:\Windows\system32\wwahost.exe    Berichts-ID: 7972d19a-b301-11e2-be89-08606e8d7c4c
 
Vollständiger
 Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe
 
Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail  
 
Error - 02.05.2013 04:22:57 | Computer Name = Laptop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“
 ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
[ System Events ]
Error - 27.03.2013 04:45:52 | Computer Name = Laptop | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus
 lautet: 107.
 
Error - 02.04.2013 04:53:10 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 08.04.2013 12:56:56 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 08.04.2013 12:56:56 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 15.04.2013 03:56:31 | Computer Name = Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 16.04.2013 03:48:52 | Computer Name = Laptop | Source = Service Control Manager | ID = 7031
Description = Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 19.04.2013 03:44:16 | Computer Name = Laptop | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 19.04.2013 03:44:20 | Computer Name = Laptop | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 26.04.2013 02:58:05 | Computer Name = Laptop | Source = Service Control Manager | ID = 7031
Description = Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 26.04.2013 02:59:05 | Computer Name = Laptop | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "G Data AntiVirus Proxy" Korrekturmaßnahmen (Neustart des Diensts)
 durchzuführen, ist fehlgeschlagen. Fehler:   %%1058
 
 
< End of report >
         
--- --- ---

Alt 03.05.2013, 12:42   #2
t'john
/// Helfer-Team
 
BKA Trojaner und Windows 8 Problem - Standard

BKA Trojaner und Windows 8 Problem





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\lwir0.bat) - C:\ProgramData\lwir0.bat () 
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\lwir0.bat) - C:\ProgramData\lwir0.bat () 
[2013.04.29 20:26:23 | 000,000,000 | ---- | M] () -- C:\ProgramData\do3d9.dat 
[2013.04.29 19:14:06 | 095,023,320 | ---- | M] () -- C:\ProgramData\23lldnur.pad 
[2013.04.29 18:56:44 | 095,023,320 | ---- | M] () -- C:\ProgramData\jeq7of.pad 
[2013.04.29 18:38:46 | 000,001,031 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk 
[2013.04.29 18:38:45 | 095,023,320 | ---- | M] () -- C:\ProgramData\9d3od.pad 
[2013.04.29 18:38:45 | 000,000,152 | ---- | M] () -- C:\ProgramData\jeq7of.reg 
[2013.04.29 18:38:45 | 000,000,056 | ---- | M] () -- C:\ProgramData\jeq7of.bat 
[2013.05.02 09:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Omep 
[2013.05.02 09:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Efuw 
[2013.05.02 09:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Acyf 
[2013.05.02 09:55:09 | 000,000,151 | ---- | M] () -- C:\ProgramData\lwir0.reg 
[2013.05.02 09:55:09 | 000,000,055 | ---- | M] () -- C:\ProgramData\lwir0.bat 
[2013.05.02 09:55:05 | 095,023,320 | ---- | C] () -- C:\ProgramData\lwir0.pad 

:Files 

ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 03.05.2013, 17:41   #3
Sin.Schumi
 
BKA Trojaner und Windows 8 Problem - Standard

BKA Trojaner und Windows 8 Problem



Hallo, so habe alles gemacht der Laptop funktioniert wieder DANKE

Habe aber noch die frage da "Combofix" nicht mehr unter Windows 8 funktioniert was die Alternative ist ???

Ich hatte Glück gehabt das Ich mit der Tastenkombi in den Taskmanager gekommen bin, da ja Win 8 keinen Abgesicherten Modus hat....

Gib es ein Programm das Ich über eine Bootdisk starten kann ??

Gruß Michael
__________________

Alt 03.05.2013, 20:03   #4
t'john
/// Helfer-Team
 
BKA Trojaner und Windows 8 Problem - Standard

BKA Trojaner und Windows 8 Problem



Bitte die Logs posten. Wir sind noch nicht fertig.
__________________
Mfg, t'john
Das TB unterstützen

Alt 04.05.2013, 09:45   #5
Sin.Schumi
 
BKA Trojaner und Windows 8 Problem - Standard

BKA Trojaner und Windows 8 Problem



Hier die Logdateien:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 04/05/2013 um 09:16:38 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : ***** - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [542 octets] - [04/05/2013 09:16:38]

########## EOF - C:\AdwCleaner[S1].txt - [601 octets] ##########
         
--- --- ---


Zitat:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\PROGRA~3\lwir0.bat deleted successfully.
C:\ProgramData\lwir0.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\PROGRA~3\lwir0.bat deleted successfully.
File C:\ProgramData\lwir0.bat not found.
C:\ProgramData\do3d9.dat moved successfully.
C:\ProgramData\23lldnur.pad moved successfully.
C:\ProgramData\jeq7of.pad moved successfully.
C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
C:\ProgramData\9d3od.pad moved successfully.
C:\ProgramData\jeq7of.reg moved successfully.
C:\ProgramData\jeq7of.bat moved successfully.
C:\Users\Mathias\AppData\Roaming\Omep folder moved successfully.
C:\Users\Mathias\AppData\Roaming\Efuw folder moved successfully.
C:\Users\Mathias\AppData\Roaming\Acyf folder moved successfully.
C:\ProgramData\lwir0.reg moved successfully.
File C:\ProgramData\lwir0.bat not found.
C:\ProgramData\lwir0.pad moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Mathias\Desktop\cmd.bat deleted successfully.
C:\Users\Mathias\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: *****
->Temp folder emptied: 4882552 bytes
->Temporary Internet Files folder emptied: 2924759 bytes
->Java cache emptied: 723480 bytes
->Flash cache emptied: 492 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7249789 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05032013_134946

Files\Folders moved on Reboot...
File\Folder C:\Users\Mathias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BB6H6UGH\134415-bka-trojaner-windows-8-problem[1].htm not found!
C:\Users\Mathias\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Zitat:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.05.02.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
Mathias :: LAPTOP [Administrator]

Schutz: Aktiviert

04.05.2013 09:29:31
mbam-log-2013-05-04 (09-29-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 459210
Laufzeit: 1 Stunde(n), 13 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Alt 04.05.2013, 13:18   #6
t'john
/// Helfer-Team
 
BKA Trojaner und Windows 8 Problem - Standard

BKA Trojaner und Windows 8 Problem



Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
--> BKA Trojaner und Windows 8 Problem

Alt 19.06.2013, 07:36   #7
t'john
/// Helfer-Team
 
BKA Trojaner und Windows 8 Problem - Standard

BKA Trojaner und Windows 8 Problem



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu BKA Trojaner und Windows 8 Problem
abgesicherte, abgesicherten, arbeiten, arten, bildschirm, boardsuche, combofix, eingabeaufforderung, funktionier, funktioniert, gefunde, install.exe, mbam, modus, neustart, nvpciflt.sys, proble, problem, runter, starte, starten, taskmanager, troja, trojaner, versucht, vorgehen, windows



Ähnliche Themen: BKA Trojaner und Windows 8 Problem


  1. Trojaner-Warnung/PC-Problem: Liegt es an der Hardware oder an einem Trojaner-Problem?
    Plagegeister aller Art und deren Bekämpfung - 17.03.2015 (7)
  2. Windows 8: Problem beim Starten von C:\ Problem Files (x86)\HomeTab\TBUpdater.dll
    Plagegeister aller Art und deren Bekämpfung - 27.02.2015 (9)
  3. Windows 8.1: eventuelles Problem mit Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.12.2014 (12)
  4. Problem mit Trojaner Windows Passwort funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 05.04.2014 (6)
  5. Windows 7 64 Bit Trojaner! Problem beim Starten von: wgsdgsdgdsgsd.exe Das angegebene Modul wurde nicht gefunden.
    Log-Analyse und Auswertung - 24.03.2014 (16)
  6. Problem Interpol Trojaner Windows XP Pro
    Log-Analyse und Auswertung - 13.10.2013 (9)
  7. Problem mit GUV Trojaner 2.11 auf Windows 7 Laptop
    Plagegeister aller Art und deren Bekämpfung - 17.05.2013 (19)
  8. Welches Windows Update Trojaner Problem?
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (3)
  9. Problem mit Windows Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 13.06.2012 (1)
  10. Problem mit Dateien durch Windows Verschlüsselungs Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  11. Windows - Delayed Write Failed/Windows detected a hard disk problem
    Log-Analyse und Auswertung - 12.12.2011 (1)
  12. Windows Recovery Fake Trojaner... Problem gelöst ?
    Log-Analyse und Auswertung - 19.06.2011 (1)
  13. gleiches Problem wie http://www.trojaner-board.de/99057-das-system-hat-ein-problem-mit-einem-oder-me
    Plagegeister aller Art und deren Bekämpfung - 26.05.2011 (1)
  14. Trojaner Problem: "Windows Explorer funktioniert nicht mehr"
    Plagegeister aller Art und deren Bekämpfung - 20.07.2010 (13)
  15. Windows Explorer Problem/ Trojaner?
    Log-Analyse und Auswertung - 07.06.2010 (8)
  16. Trojaner-Befall Windows/system32/nvsvc32.exe - Problem gelöst?
    Plagegeister aller Art und deren Bekämpfung - 12.11.2009 (14)
  17. bitte logfile-auswertung - trojaner? + windows-problem
    Log-Analyse und Auswertung - 19.05.2008 (11)

Zum Thema BKA Trojaner und Windows 8 Problem - Hallo, habe mir den BKA Trojaner gefangen...leider hat Windows 8 keinen Abgesicherten Modus Ich habe es nun nach viel hin und her geschafft über den Taskmanager MBAM zu starten und - BKA Trojaner und Windows 8 Problem...
Archiv
Du betrachtest: BKA Trojaner und Windows 8 Problem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.