Virus, weißer Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter

aharonov · 06.06.2013, 21:39

Der ESET-Scan kann sehr lange dauern, das ist völlig normal.

ms11 · 10.06.2013, 22:03

Schritt 3:

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=03a14af40b0f1043b036f740d8aac22f
# engine=14007
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-05 09:23:08
# local_time=2013-06-05 11:23:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=513 16777149 100 97 2057 116230059 0 0
# compatibility_mode=5893 16776573 100 94 94266 122097238 0 0
# scanned=103
# found=0
# cleaned=0
# scan_time=963
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=03a14af40b0f1043b036f740d8aac22f
# engine=14007
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-05 09:30:07
# local_time=2013-06-05 11:30:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=513 16777149 100 97 2476 116230478 0 0
# compatibility_mode=5893 16776573 100 94 94685 122097657 0 0
# scanned=95
# found=0
# cleaned=0
# scan_time=342
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=03a14af40b0f1043b036f740d8aac22f
# engine=14015
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-06 09:33:22
# local_time=2013-06-06 11:33:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=513 16777149 100 97 14001 116317073 0 0
# compatibility_mode=5893 16776573 100 94 181280 122184252 0 0
# scanned=53771
# found=0
# cleaned=0
# scan_time=13185
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=03a14af40b0f1043b036f740d8aac22f
# engine=14043
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-10 08:31:52
# local_time=2013-06-10 10:31:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=513 16777149 100 97 9075 116658983 0 0
# compatibility_mode=5893 16776573 100 94 523190 122526162 0 0
# scanned=320903
# found=0
# cleaned=0
# scan_time=8568

aharonov · 10.06.2013, 22:09

Ok, dann sind wir bald durch. Die verbleibenden beiden Schritte gehen wieder schnell.

ms11 · 10.06.2013, 22:11

Schritt 4:

Results of screen317's Security Check version 0.99.64
Windows 7 x64
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Internet Security
AntiVir Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 39
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avguard.exe
Malte Downloads SecurityCheck.exe
Malte AppData Local Temp\RarSFX0\SecurityCheck\Objlist.exe
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security UfSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Schritt 5:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.06.2013 23:15:38 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Malte\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 39,19% Memory free
7,85 Gb Paging File | 5,19 Gb Available in Paging File | 66,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 10,19 Gb Free Space | 8,75% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 30,93 Gb Free Space | 9,24% Space Free | Partition Type: NTFS
Drive M: | 3,73 Gb Total Space | 3,70 Gb Free Space | 99,25% Space Free | Partition Type: FAT32
 
Computer Name: ASUS_MALTE | User Name: Malte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.10 23:06:28 | 000,890,839 | ---- | M] () -- C:\Users\Malte\Downloads\SecurityCheck.exe
PRC - [2013.06.03 21:03:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Malte\Desktop\OTL.exe
PRC - [2013.05.26 22:50:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Malte\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.19 13:22:50 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.07.24 03:28:30 | 001,552,384 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011.07.14 15:45:14 | 000,279,552 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2011.06.28 21:08:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 17:23:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.18 00:29:28 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.04.30 13:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2010.01.09 08:42:53 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.11.21 05:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.11.12 20:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.27 06:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.10.26 20:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.09.01 11:00:09 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
PRC - [2009.08.20 06:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009.08.12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009.07.07 00:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.05.19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.12.05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2005.01.24 20:58:02 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SonicStage\SSAAD.exe
PRC - [2005.01.24 19:36:52 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.10 23:06:28 | 000,890,839 | ---- | M] () -- C:\Users\Malte\Downloads\SecurityCheck.exe
MOD - [2013.05.26 22:50:12 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.05.19 13:22:49 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.14 00:19:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll
MOD - [2013.02.14 00:19:02 | 010,578,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\006a1cc96c69dcec01429459532153fb\System.Design.ni.dll
MOD - [2013.02.14 00:18:58 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll
MOD - [2013.02.14 00:18:45 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.10 11:36:23 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7d3a95d2123d5a7982a451f1319fab8d\System.Core.ni.dll
MOD - [2013.01.10 11:36:16 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll
MOD - [2013.01.10 00:24:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 00:24:20 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\00038bb019bb7e4470d3962b58b1926f\System.Transactions.ni.dll
MOD - [2013.01.10 00:24:19 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll
MOD - [2013.01.10 00:23:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.10 00:23:44 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll
MOD - [2013.01.10 00:23:44 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\612bad9f3a4f378c9c09cbb7460e3a93\Accessibility.ni.dll
MOD - [2013.01.10 00:23:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013.01.10 00:23:30 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\a412f0883db9c3276979d690a071dbfe\System.Security.ni.dll
MOD - [2013.01.10 00:23:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013.01.10 00:23:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.01.10 00:23:23 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.10 00:23:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.07.14 15:43:08 | 000,381,952 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2009.11.12 20:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.09.24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.08.04 11:49:50 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.08.04 11:49:46 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.08.04 11:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.06.10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2005.01.24 20:58:02 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SonicStage\SSAAD.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.10.09 11:00:14 | 000,859,712 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009.11.18 07:45:39 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.09.29 18:32:31 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009.09.29 18:32:29 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009.09.17 21:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.08.07 00:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2013.05.26 22:50:12 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.19 13:22:55 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011.06.28 21:08:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 17:23:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.18 00:29:28 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.05 17:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2005.01.26 16:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005.01.26 16:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.01.26 16:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005.01.24 19:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.12 16:02:24 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.06.20 22:53:05 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.12 12:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2011.07.12 12:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2011.07.12 12:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2011.06.28 21:08:14 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 21:08:14 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.20 17:15:54 | 000,058,880 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cdc_ecm.sys -- (vodafone_zte_cdc_ecm)
DRV:64bit: - [2011.05.20 17:15:54 | 000,056,320 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_ecm_enum_filter.sys -- (vodafone_zte_ecm_enum_filter)
DRV:64bit: - [2011.05.20 17:15:54 | 000,056,320 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_ecm_enum.sys -- (vodafone_zte_ecm_enum)
DRV:64bit: - [2011.05.20 17:15:52 | 000,079,872 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cdc_acm.sys -- (vodafone_zte_cdc_acm)
DRV:64bit: - [2011.05.20 17:15:52 | 000,014,336 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vodafone_zte_cpo.sys -- (vodafone_zte_cpo)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.22 16:08:50 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.09.01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.01.15 23:15:37 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.21 05:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.21 05:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.18 08:21:19 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.13 10:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.10.05 03:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.30 03:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.29 18:33:17 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.08.07 00:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.08.06 23:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.20 12:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.05.13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.07.24 21:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009.09.02 02:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/08 21:59:00] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Malte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.02.01 01:29:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.26 22:50:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.26 22:50:03 | 000,000,000 | ---D | M]
 
[2010.04.18 13:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malte\AppData\Roaming\mozilla\Extensions
[2013.06.05 22:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malte\AppData\Roaming\mozilla\Firefox\Profiles\rtjwuswc.default\extensions
[2012.12.11 13:19:29 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.02.15 22:24:12 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-10.xml
[2011.08.18 19:16:18 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-4.xml
[2011.09.03 10:17:54 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-5.xml
[2011.09.10 18:37:36 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-6.xml
[2011.10.03 20:21:57 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-7.xml
[2011.11.18 00:14:50 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-8.xml
[2011.12.23 16:31:54 | 000,000,950 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\mozilla\firefox\profiles\rtjwuswc.default\searchplugins\icqplugin-9.xml
[2013.05.26 22:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.26 22:50:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.05.26 22:50:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.26 22:50:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.05.26 22:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.26 22:50:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - homepage: 
 
O1 HOSTS File: ([2013.06.04 21:13:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [SsAAD.exe] C:\PROGRA~2\Sony\SONICS~1\SsAAD.exe ()
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - Startup: C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Malte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292277551-2420784053-1220456319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Malte\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Malte\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D95502-B91E-4DFF-90DA-1BF106E16695}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B52E503-6FE7-45D9-92FE-310FB23D15D1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BAA87F7-63AE-4665-8150-3F1034E11519}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0F92485-94A5-433C-871E-9BBB71EF735E}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.02 16:16:56 | 000,000,000 | ---D | M] - D:\Auto CD -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.10 19:46:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.06 23:36:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.06.06 19:51:49 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Malte\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 19:51:11 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.06.05 22:50:53 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\Malwarebytes
[2013.06.05 22:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.05 22:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.05 22:50:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.05 22:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.05 22:31:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.05 22:30:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Malte\Desktop\OTL.exe
[2013.06.04 21:21:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.04 20:58:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.04 20:58:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.04 20:58:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.04 20:58:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.04 20:57:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.04 20:56:03 | 005,077,441 | R--- | C] (Swearware) -- C:\Users\Malte\Desktop\ComboFix.exe
[2013.05.27 15:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.27 15:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.05.26 22:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.26 20:36:37 | 000,000,000 | ---D | C] -- C:\Users\Malte\Desktop\Klarinette
[2013.05.20 21:38:11 | 000,000,000 | ---D | C] -- C:\Users\Malte\Desktop\Neuer Ordner (3)
[2013.05.17 21:41:02 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\FLEXnet
[2013.05.17 21:32:50 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Roaming\Vodafone
[2013.05.17 21:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2013.05.17 21:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2013.05.17 21:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2013.05.17 21:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.05.17 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Malte\AppData\Local\{EBB94E3B-3BF9-4353-8238-02E9637A682C}
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.10 22:21:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 19:53:41 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 19:53:41 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 19:45:29 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.06.10 19:45:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 19:45:16 | 3161,874,432 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.06 19:25:21 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.06.05 23:02:44 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Malte\Desktop\esetsmartinstaller_enu.exe
[2013.06.05 22:50:36 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.04 23:03:26 | 000,165,376 | ---- | M] () -- C:\Users\Malte\Desktop\SystemLook_x64.exe
[2013.06.04 21:13:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.04 20:46:05 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.04 20:46:05 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.04 20:46:05 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.04 20:46:05 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.04 20:46:05 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.04 20:44:44 | 005,077,441 | R--- | M] (Swearware) -- C:\Users\Malte\Desktop\ComboFix.exe
[2013.06.03 21:03:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Malte\Desktop\OTL.exe
[2013.05.29 21:01:19 | 000,001,055 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.29 21:01:00 | 000,001,023 | ---- | M] () -- C:\Users\Malte\Desktop\Dropbox.lnk
[2013.05.19 23:09:55 | 000,000,145 | ---- | M] () -- C:\Users\Malte\AppData\Roaming\default.rss
[2013.05.18 17:56:21 | 000,002,189 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.05.18 17:56:20 | 000,482,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.18 17:56:20 | 000,001,779 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.05.17 21:32:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_ecm_01009.Wdf
[2013.05.17 21:32:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_acm_01009.Wdf
[2013.05.17 21:32:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_ecm_enum_01009.Wdf
[2013.05.17 21:31:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.05.17 21:30:46 | 000,002,198 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.05 22:50:36 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.04 23:07:17 | 000,165,376 | ---- | C] () -- C:\Users\Malte\Desktop\SystemLook_x64.exe
[2013.06.04 20:58:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.04 20:58:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.04 20:58:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.04 20:58:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.04 20:58:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.20 21:36:12 | 000,001,055 | ---- | C] () -- C:\Users\Malte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.17 21:32:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_ecm_01009.Wdf
[2013.05.17 21:32:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_cdc_acm_01009.Wdf
[2013.05.17 21:32:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_zte_ecm_enum_01009.Wdf
[2013.05.17 21:31:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.05.17 21:30:46 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2012.12.17 09:13:23 | 000,006,656 | ---- | C] () -- C:\Users\Malte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.27 22:41:11 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.27 18:35:50 | 000,007,597 | ---- | C] () -- C:\Users\Malte\AppData\Local\Resmon.ResmonCfg
[2012.01.10 10:37:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.07.12 14:02:16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010.01.19 17:33:09 | 000,000,145 | ---- | C] () -- C:\Users\Malte\AppData\Roaming\default.rss
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.12.12 19:56:00 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\click
[2012.04.18 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\DAEMON Tools Lite
[2012.05.14 21:50:42 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\DriverFinder
[2013.06.10 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Dropbox
[2011.07.16 11:02:54 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\DVDVideoSoft
[2012.04.29 20:31:31 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\GetRightToGo
[2010.01.15 21:26:06 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\GoBoingo
[2011.05.28 13:55:46 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\HTC
[2011.05.28 13:54:59 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013.02.08 21:40:05 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\ICQ
[2012.03.30 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Langenscheidt
[2011.10.04 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Notepad++
[2013.02.21 20:05:07 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\OpenOffice.org
[2011.05.28 13:55:46 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Outlook
[2010.04.22 14:39:37 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\PlagiarismFinder
[2012.04.28 23:02:50 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\ProtectDISC
[2013.01.28 13:34:55 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Unity
[2013.05.17 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\Vodafone
[2013.05.05 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\www.rene-zeidler.de
[2012.07.20 20:35:56 | 000,000,000 | ---D | M] -- C:\Users\Malte\AppData\Roaming\XSManager
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

aharonov · 10.06.2013, 22:43

Ok, bleiben noch dir Updates. Da fehlt das Service Pack 1 - das ist nicht so gut...

Schritt 1

Gehe bitte zu Start --> Alle Programme --> Windows Update.
Klicke dann links auf Nach Updates suchen und warte, bis die Suche beendet ist.
Drücke dann auf Updates installieren.
Starte nach Beendigung der Installation den Rechner neu auf.
Wiederhole diese Schritte, bis keine neuen Updates mehr verfügbar sind.

Schritt 2

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 21.

Gehe zu
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
Start --> Systemsteuerung --> Software (bei Win XP)
und deinstalliere alle älteren Java-Versionen.

In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:

Lade dir die neueste Java-Version herunter.
Schliesse alle laufenden Programme, speziell den Browser.
Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".

Schritt 3

Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.

Schritt 4

Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Log von SecurityCheck

ms11 · 12.06.2013, 22:03

Results of screen317's Security Check version 0.99.64
Windows 7 x64
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Internet Security
AntiVir Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 39
Java 7 Update 21
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avguard.exe
Malte AppData Roaming Dropbox\bin\Dropbox.exe
Malte Downloads SecurityCheck(1).exe
Malte AppData Local Temp\RarSFX0\SecurityCheck\Objlist.exe
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security UfSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

aharonov · 12.06.2013, 22:09

Hi,

es scheint immer noch eine Java-Version "Java(TM) 6 Update 39" installiert zu sein.
Und auch das mit dem Service Pack wollte nicht so ganz klappen..

Schritt 1

Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
Suche und deinstalliere dort folgenden Eintrag.
- Java(TM) 6 Update 39
Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.

Schritt 2

Lade das Service Pack 1 für Windows 7 herunter und installiere es.

Schritt 3

Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Log von SecurityCheck

aharonov · 18.06.2013, 21:28

Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

aharonov · 20.06.2013, 15:23

Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

06.06.2013, 21:39	#16
aharonov /// TB-Ausbilder	Virus, weißer Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter Der ESET-Scan kann sehr lange dauern, das ist völlig normal. __________________ cheers, Leo

10.06.2013, 22:09	#18
aharonov /// TB-Ausbilder	Virus, weißer Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter Ok, dann sind wir bald durch. Die verbleibenden beiden Schritte gehen wieder schnell. __________________ __________________

18.06.2013, 21:28	#23
aharonov /// TB-Ausbilder	Virus, weißer Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter Hi, ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos. __________________ cheers, Leo

Virus, weißer Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter

Log-Analyse und Auswertung: Virus, weißer Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter