Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: vermuteter Malware Befall

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.06.2013, 23:02   #1
hinkes
 
vermuteter Malware Befall - Standard

vermuteter Malware Befall



Hi,

ich vermute auf meinem Laptop ein Problem, er braucht ewig, ist nahezu immer voll ausgelastet.

bei mir läuft antivir-Premium. Das sagt, alles i.o.

ich habe ein Logfile mit HijackThis erstellt. Eventuell kann mir jemand helfen.

Gruß, Martin

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:33:49, on 04.06.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE
C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Users\Martin\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"
O4 - Startup: Dropbox.lnk = Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\tnnsqq5vr.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

--
End of file - 7116 bytes

Alt 04.06.2013, 23:04   #2
schrauber
/// the machine
/// TB-Ausbilder
 

vermuteter Malware Befall - Standard

vermuteter Malware Befall



Hi,

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 05.06.2013, 06:55   #3
hinkes
 
vermuteter Malware Befall - Standard

vermuteter Malware Befall



Guten morgen,

danke für die rasche antwort,

hier die 2 Log files:

1:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.06.2013 06:37:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 44,01% Memory free
5,93 Gb Paging File | 4,32 Gb Available in Paging File | 72,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 67,42 Gb Free Space | 67,42% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS
Drive F: | 146,48 Gb Total Space | 37,84 Gb Free Space | 25,83% Space Free | Partition Type: NTFS
Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Dnscache) -- %SystemRoot%\System32\poualsxux.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M]
 
[2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\windows\system32\tnnsqq5vr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.04 23:05:45 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip
[2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox
[2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox
[2013.05.06 22:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.06 22:00:19 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013.05.06 22:00:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013.05.06 22:00:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013.05.06 22:00:16 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013.05.06 22:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.05 06:30:35 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 06:30:35 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 06:28:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 06:27:53 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.06.05 06:27:53 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.06.05 06:27:53 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.06.05 06:27:53 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.06.05 06:23:14 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.05 06:23:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.05 06:22:56 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf
[2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp
[2013.05.10 11:57:06 | 000,001,041 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.05.10 11:55:31 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.06 22:00:07 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013.05.06 22:00:05 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2013.05.06 22:00:05 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2013.05.06 22:00:05 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013.05.06 22:00:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013.05.06 22:00:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp
[2013.05.10 11:57:06 | 000,001,041 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini
[2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx
[2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini
[2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---

2:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.06.2013 06:37:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 44,01% Memory free
5,93 Gb Paging File | 4,32 Gb Available in Paging File | 72,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 67,42 Gb Free Space | 67,42% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS
Drive F: | 146,48 Gb Total Space | 37,84 Gb Free Space | 25,83% Space Free | Partition Type: NTFS
Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032C26F1-9A6E-43A8-A075-5F26B2C878F5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0673425E-DB82-4994-8486-CE7C61250971}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{094AB46C-9C6C-45DE-A2D5-28DF807B90B6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{16948452-BD43-4F4C-9943-87144D668E72}" = rport=445 | protocol=6 | dir=out | app=system | 
"{19149A53-466D-45E4-AA3D-0881C17BA7E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1EDCAF4C-BAD7-4565-B7FD-9B2C5976D716}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{331784AE-84CA-4EFD-B02B-06CA36A443ED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{370D4CC9-6BD9-43C3-9C9F-08E2E75B3F31}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{3B97BB6F-FEEB-4041-86DD-27D1E076C896}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{411F3EB4-0F80-4282-8F2D-BE7D41B07B19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{59D958CF-0C3F-4134-A5BD-A2E14473E8CB}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63C05E50-10A5-45B6-BC5B-AD3844EA1ED6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{675C7826-7E79-4E57-A7A3-F9577E86B0E0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{6D06E2ED-8472-4070-82A9-8489507AA558}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D2EB7B8-C299-4A76-AB95-1685787F35D8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6E42E609-9AE3-46CF-8774-F518934EBF9F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{72295B11-4A69-4DB3-A396-9A3295705743}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{88724D48-57BC-49B2-8DE8-D5A00D69035D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8963EC19-9607-4D42-952F-2C65CC781B81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F66D02C-8EAC-4027-94A8-4B83F103729E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{92927D5D-166D-4F7D-B756-1096E104E2A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{998B23D5-59DC-4B5F-BB32-2F4A511D348A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9B4C67B0-03D7-4E57-9602-512F6BE2DC7F}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{A4A5A8CA-4A6C-4A8B-ABF3-8CAFB07BD4F9}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A632A43E-0348-41A3-AC7D-88C693B56484}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A670B960-B4ED-4FE2-B09D-1C89C22A5CC1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{A87D8F78-F18C-4534-84A1-3E5086C7CD9F}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{B13A7DE0-4EE9-4AC9-BD68-94128E8B43EF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B3E25F0B-0CCA-4DFE-9B4D-F73B2097B21B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE1CDF9C-08A8-46BD-9F47-806C5958622E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA68B580-4183-46C8-B81F-149744042611}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CCFEAB47-C554-4D0A-8896-B3A2CAB9425C}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{D8F7D2CC-B84C-475A-BBDC-1F82B921A99B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D982428C-AD5F-47D9-B995-587177C12D49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E1649F28-9125-42D2-9293-C5FE1264247A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E77B59A2-81DD-4338-9D6A-32C1B407F11E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F00B9706-48D1-499F-9554-4C498CE11982}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FEB504E9-5122-4E6E-9577-D88C0F2CCA97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C9D321-3571-43AE-A80E-3687DA9EDAB4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{0C47B76F-CEA9-4BBA-B391-4CE728ED8A53}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{0D5437E4-3D6F-413A-977E-931FBCD74088}" = dir=out | app=c:\windows\system32\igrssvcs.exe | 
"{0DF9465E-C7A4-4A01-8883-D6260E1BFC33}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe | 
"{2FA7B683-1FEE-4606-ADFE-D6C54F0B0D80}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{301C3719-A4A1-4083-AA06-229E10B2B1D4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{308569D4-D0BF-495D-A76D-A90BE91751F4}" = protocol=6 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe | 
"{3B193607-CFAE-48DB-ADDE-0BA51A9F4F75}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{3DB2062B-C1A8-4AD8-83EA-20B11C80CB48}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4FFD86BC-FCF9-4B86-988D-48020DFD256A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{53BEB3FC-DA3B-47A4-A7FE-303C7988CFBF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D1CE614-C903-4DE4-ACCE-DE4AF305DA6B}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{733A9B6E-F3DF-422B-94E5-7E3B8D161896}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{7368A7DE-69DA-4271-A950-4D2B4194AEE7}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{749694AD-AB2B-4107-8DB7-183DC3BB27B3}" = dir=in | app=c:\windows\system32\igrssvcs.exe | 
"{7D2D5FA4-5885-48F2-BFD6-65F8072322C5}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{884E3691-4123-4D09-A4E6-E20EC319BCB4}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{893DFB42-24EF-42E2-BC24-8720DEC40035}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A71E731-E6F6-4B68-BAAA-A5E0AC88F31D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8DF2AF65-5864-427E-8501-BE79F9318343}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{92138714-641E-4CD5-A5CF-A0EF88782A83}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{9356AAC3-DD7E-4E49-AAC8-1C97B667097D}" = protocol=17 | dir=in | app=c:\program files\epson software\ecprintersetup\enpapp.exe | 
"{983B51C3-CE26-42DD-8746-9A60BD157F47}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{9AF186E6-07DB-4F3C-9760-DBDD7DF5AB42}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{B2B1A8EF-9170-4C90-A504-3D0856F87216}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{B59EF72A-B51F-443D-9006-D667E6A21CD6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{B908669C-E2A6-4DD3-A058-4C4E7460CBF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BFD22F70-DC2F-4713-ADB9-CC1698A133FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C07A57AD-4A19-42EA-8F96-2346F4FFDA46}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{C3BBD7A1-AF60-4A88-B67D-BFFD9BD2E996}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{C50C12B9-C5C8-4B68-9D91-19FD9BCD7122}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C51D704B-43EA-49CD-9BA3-E007BBA885DA}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{DD067A4E-FF22-4270-8F3B-74DFDEF9A92F}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DE832482-4ED9-44EE-B344-95C48AA0B9F9}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{EB55D631-948C-439B-BEFC-0CEB9CCB6348}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EBE09E8D-F486-4FA5-85AE-49310A725346}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{ED49E9FA-41E7-4368-B1B8-F8FA403A466C}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{F49820FD-3A1D-4588-A6CC-22F579504532}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{F934F81B-66DA-4FFF-9277-D0EE85328D19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA98EC33-0239-43FC-ADE9-861295E1C280}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{FE7204AD-D01B-4E20-8C67-C8207312CB70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FE8E39A8-90A4-48C9-A707-F10A036DC32D}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FEAAEC88-85BE-4BA3-81A7-01D172F65752}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{FEAB198E-1A3F-4D23-A47B-736056937244}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1395B4AE-4BE2-49EF-BB42-D893F4507F7F}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{4F28B047-ED03-4FBD-BA3A-CD10AD3AC808}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{03FF4745-8C70-493E-9BD9-40CE22739C7C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{F7E2E809-4F30-4BFD-B42E-C2829C570ADF}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{0B914F2C-6CC2-4328-B84E-411A81B50FA4}" = Steuer-Sparer 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"B4DFFB06B716298277125094C48185BFE8B5A7E1" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EAGLE 6.4.0" = EAGLE 6.4.0
"EasyCapture4.0" = EasyCapture
"EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"GanttProject" = GanttProject
"GIMP-2_is1" = GIMP 2.8.2
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Security Task Manager" = Security Task Manager 1.8g
"VLC media player" = VLC media player 2.0.1
"WavePad" = WavePad Audiobearbeitungs-Software
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.67
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.12.2012 07:30:07 | Computer Name = Martin-PC | Source = RpcNs | ID = 2
Description = 
 
Error - 02.01.2013 09:56:36 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
 Zeitstempel: 0x50b7198b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00144ed8  ID des fehlerhaften
 Prozesses: 0xfe0  Startzeit der fehlerhaften Anwendung: 0x01cde8f049dc7d5a  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 38c0fe9f-54e4-11e2-bf7c-002622d7ab25
 
Error - 10.01.2013 11:18:06 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McUicnt.exe, Version: 4.0.228.0, 
Zeitstempel: 0x4d50670d  Name des fehlerhaften Moduls: ieframe.dll, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2fe39  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000f22d2  ID des fehlerhaften
 Prozesses: 0x1704  Startzeit der fehlerhaften Anwendung: 0x01cdef4571eec326  Pfad der
 fehlerhaften Anwendung: C:\Program Files\McAfee Security Scan\3.0.285\McUicnt.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\System32\ieframe.dll  Berichtskennung: eece3793-5b38-11e2-be31-0c6076badff3
 
Error - 10.01.2013 11:18:15 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McUicnt.exe, Version: 4.0.228.0, 
Zeitstempel: 0x4d50670d  Name des fehlerhaften Moduls: ieframe.dll, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2fe39  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000f22d2  ID des fehlerhaften
 Prozesses: 0x1704  Startzeit der fehlerhaften Anwendung: 0x01cdef4571eec326  Pfad der
 fehlerhaften Anwendung: C:\Program Files\McAfee Security Scan\3.0.285\McUicnt.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\System32\ieframe.dll  Berichtskennung: f3c22474-5b38-11e2-be31-0c6076badff3
 
Error - 20.01.2013 06:59:19 | Computer Name = Martin-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 29.01.2013 14:09:28 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 18.0.1.4764,
 Zeitstempel: 0x50f705c6  Name des fehlerhaften Moduls: xul.dll, Version: 18.0.1.4764,
 Zeitstempel: 0x50f704c6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00117a68  ID des fehlerhaften
 Prozesses: 0x170c  Startzeit der fehlerhaften Anwendung: 0x01cdfe489b15915f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 0506ef78-6a3f-11e2-8a55-0c6076badff3
 
Error - 29.01.2013 14:09:34 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667,
 Zeitstempel: 0x4c7dc5a1  Name des fehlerhaften Moduls: gdiplus.dll, Version: 6.1.7600.17007,
 Zeitstempel: 0x4f923628  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000aa1fe  ID des fehlerhaften
 Prozesses: 0x6bb0  Startzeit der fehlerhaften Anwendung: 0x01cdfe4bc73dd415  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe  Pfad 
des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll
Berichtskennung:
 0872179b-6a3f-11e2-8a55-0c6076badff3
 
Error - 29.01.2013 14:16:22 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bccb3  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17135,
 Zeitstempel: 0x506dbeae  Ausnahmecode: 0x0000046b  Fehleroffset: 0x0000969b  ID des fehlerhaften
 Prozesses: 0x133c  Startzeit der fehlerhaften Anwendung: 0x01cdfe4868c1628f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad 
des fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll  Berichtskennung: fbb5c4c4-6a3f-11e2-8a55-0c6076badff3
 
Error - 22.02.2013 12:15:51 | Computer Name = Martin-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.1.4764 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1128    Startzeit:
 01ce111738aaf065    Endzeit: 15    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 1e926233-7d0b-11e2-8693-0c6076badff3  
 
Error - 11.03.2013 12:31:33 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.0.4794,
 Zeitstempel: 0x511ed1c1  Name des fehlerhaften Moduls: xul.dll, Version: 19.0.0.4794,
 Zeitstempel: 0x511ed0fe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00155858  ID des fehlerhaften
 Prozesses: 0x14a0  Startzeit der fehlerhaften Anwendung: 0x01ce1e75dd475695  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 2270e82e-8a69-11e2-8762-0c6076badff3
 
[ System Events ]
Error - 05.06.2013 00:27:16 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 05.06.2013 00:28:22 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 05.06.2013 00:28:34 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 05.06.2013 00:30:20 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 05.06.2013 00:32:26 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 05.06.2013 00:37:26 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 05.06.2013 00:39:34 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 05.06.2013 00:44:34 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 05.06.2013 00:46:42 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
Error - 05.06.2013 00:51:42 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:   %%126
 
 
< End of report >
         
--- --- ---
__________________

Alt 05.06.2013, 09:18   #4
schrauber
/// the machine
/// TB-Ausbilder
 

vermuteter Malware Befall - Standard

vermuteter Malware Befall



Definitiv BEfall:

Code:
ATTFilter
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
C:\Windows\system32\*.dll /600
         
Das bitte in die Box bei OTL kopieren und auf Scan klicken, Logfile posten.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.06.2013, 16:36   #5
hinkes
 
vermuteter Malware Befall - Standard

vermuteter Malware Befall



Hi,

bitteschönOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.06.2013 16:02:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,21% Memory free
5,93 Gb Paging File | 4,66 Gb Available in Paging File | 78,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 68,37 Gb Free Space | 68,37% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS
Drive F: | 146,48 Gb Total Space | 37,84 Gb Free Space | 25,83% Space Free | Partition Type: NTFS
Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Dnscache) -- %SystemRoot%\System32\poualsxux.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M]
 
[2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\windows\system32\tnnsqq5vr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 06:57:51 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip
[2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox
[2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox
[2013.05.06 22:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.06 22:00:19 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013.05.06 22:00:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013.05.06 22:00:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013.05.06 22:00:16 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013.05.06 22:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.05 16:07:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 16:07:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 16:06:11 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.06.05 16:06:11 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.06.05 16:06:11 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.06.05 16:06:11 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.06.05 15:59:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.05 15:59:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.05 15:59:37 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.05 06:28:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf
[2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp
[2013.05.10 11:57:06 | 000,001,041 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.05.10 11:55:31 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.06 22:00:07 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013.05.06 22:00:05 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2013.05.06 22:00:05 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2013.05.06 22:00:05 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013.05.06 22:00:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013.05.06 22:00:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp
[2013.05.10 11:57:06 | 000,001,041 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini
[2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx
[2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini
[2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 6
"ProviderFileName0" = unimdm.tsp -- [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 5
"ProviderID4" = 5
"ProviderFilename4" = incvoyi0y.tsp
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{9811ECB5-E8F9-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{9811ECB5-E8F9-48B9 [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2009.07.14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2009.07.14 03:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
"MaxCollectionCount" = 32
"MaxThreads" = 30
"MaxCmds" = 30
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = %SystemRoot%\System32\poualsxux.dll
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll -- [2009.07.14 03:15:12 | 000,006,656 | ---- | M] (Microsoft Corporation)
"ServiceMain" = SetAccessPolicy
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09  [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes]
"LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes]
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSFont [Binary data over 200 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"sdrsvc" = sdrsvc [binary data] -- [2009.07.14 03:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = AxInstSV [binary data] -- [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation)
"IgrsSvcs" = ReadyComm.DirectRouterPS_MDP [binary data]
"" = 
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient]
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\remotesp.tsp
[2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /600 >
[2013.02.12 17:07:48 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll
[2012.03.09 20:18:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.04 06:43:52 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.04 04:43:34 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.04 04:43:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2013.01.04 04:43:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.04 04:43:34 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2012.12.16 16:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 16:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2012.07.04 23:23:55 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.07.04 23:23:55 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll
[2012.03.09 20:16:51 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll
[2011.12.23 21:58:24 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll
[2012.06.02 06:45:21 | 001,157,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.06.02 06:45:21 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.06.02 06:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.03.19 06:54:22 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll
[2012.03.03 07:40:09 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2012.03.03 07:40:10 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2012.03.03 07:40:09 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2012.03.03 07:40:09 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.05.06 22:00:05 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2011.12.23 21:58:18 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll
[2012.11.02 06:48:28 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2012.03.03 07:40:21 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2012.03.09 20:18:39 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2012.03.09 20:18:39 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2011.10.15 07:48:52 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll
[2012.03.09 20:16:52 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ExplorerFrame.dll
[2012.12.07 13:29:57 | 000,008,192 | ---- | M] (SEIKO EPSON CORP.) -- C:\Windows\system32\E_DCINST.DLL
[2012.12.07 13:29:57 | 000,081,408 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\E_TD4BHTU.DLL
[2012.12.07 13:29:57 | 000,095,232 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\E_TLBHTU.DLL
[2012.03.09 20:16:52 | 000,801,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll
[2012.03.09 20:18:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2012.03.09 20:18:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll
[2012.03.09 20:18:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll
[2012.03.09 20:18:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll
[2012.03.09 20:18:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll
[2012.03.09 20:18:39 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2012.03.09 20:18:39 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2013.02.22 05:47:17 | 009,738,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2012.03.09 20:18:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2012.03.09 20:18:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2013.02.22 05:32:05 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2012.03.09 20:18:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2012.03.09 20:18:40 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2013.02.22 05:28:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.03.01 07:45:05 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2012.03.09 20:18:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll
[2012.03.09 20:18:39 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll
[2013.02.22 05:34:18 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.02.22 05:46:00 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.02.22 05:35:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.08.11 01:54:04 | 000,541,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2013.01.04 06:46:33 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2013.01.04 06:46:33 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2012.03.09 20:18:39 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2012.05.14 06:37:47 | 000,768,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll
[2011.11.17 07:38:39 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll
[2011.12.23 21:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll
[2011.12.23 21:58:24 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll
[2011.12.23 21:58:24 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll
[2011.12.23 21:58:24 | 000,040,960 | ---- | M] (마크애니연구소) -- C:\Windows\system32\MAMACExtract.dll
[2011.12.23 21:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll
[2012.03.09 20:16:51 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mf.dll
[2012.03.09 20:16:50 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfreadwrite.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll
[2011.12.23 21:58:24 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll
[2013.02.22 05:33:11 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2012.03.09 20:18:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2011.12.23 21:58:24 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll
[2013.02.22 06:05:50 | 012,324,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.02.22 05:31:55 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.03.09 20:18:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll
[2012.03.09 20:18:41 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll
[2011.12.23 21:58:24 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll
[2012.03.09 20:18:41 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2013.02.12 17:13:55 | 002,691,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2011.12.16 09:59:17 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012.06.06 07:09:46 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.02 06:50:33 | 001,388,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2011.12.23 21:58:24 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll
[2011.12.23 21:58:24 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll
[2011.12.23 21:58:24 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll
[2011.12.23 21:58:24 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll
[2012.11.20 07:10:07 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.07.04 23:26:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2013.05.06 22:00:05 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll
[2011.11.17 07:41:38 | 001,288,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012.03.09 20:18:38 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2011.11.19 16:06:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2012.03.09 20:18:38 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2011.10.26 06:28:25 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2011.10.26 06:28:26 | 001,328,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.02.15 07:44:57 | 000,826,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.04.26 06:48:52 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorekmts.dll
[2012.04.26 06:48:52 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpwsx.dll
[2011.12.23 21:58:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll
[2012.06.02 06:48:35 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2011.11.17 07:39:21 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2011.11.17 07:39:24 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2011.11.17 07:39:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll
[2012.09.25 23:55:17 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2013.02.12 15:59:49 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2012.11.09 06:49:37 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2011.12.06 21:55:56 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll
[2013.02.22 05:36:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.02.22 05:38:39 | 001,104,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2013.02.22 05:34:03 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2011.12.08 06:22:26 | 001,416,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WdfCoInstaller01005.dll
[2012.03.09 20:18:39 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2011.11.17 07:39:28 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll
[2012.11.09 06:49:55 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.05.06 22:00:07 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll
[2013.02.22 05:38:00 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.01.04 06:50:40 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2012.08.24 19:10:47 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.09.28 23:14:05 | 000,851,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WinUSBCoInstaller2.dll
[2012.03.01 07:40:44 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012.03.09 20:16:53 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
[2012.03.09 20:16:52 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2012.03.09 20:16:51 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
[2012.03.09 20:16:52 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsRasterService.dll

< End of report >
         
--- --- ---


Alt 05.06.2013, 17:28   #6
schrauber
/// the machine
/// TB-Ausbilder
 

vermuteter Malware Befall - Standard

vermuteter Malware Befall



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
[2011.12.06 21:55:56 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers]
"ProviderFilename4"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com]
:files
C:\Windows\System32\poualsxux.dll
C:\Windows\System32\incvoyi0y.tsp
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Und dann bitte ein frisches OTL Scanlog mit dem gleichen Customscan wie eben.
__________________
--> vermuteter Malware Befall

Alt 06.06.2013, 07:56   #7
hinkes
 
vermuteter Malware Befall - Standard

vermuteter Malware Befall



Guten morgen,

bitteschönOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.06.2013 07:36:37 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,76% Memory free
5,93 Gb Paging File | 4,68 Gb Available in Paging File | 78,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 69,46 Gb Free Space | 69,46% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS
Drive F: | 146,48 Gb Total Space | 39,44 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Update-Service) -- %SystemRoot%\System32\UpdSvc.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M]
 
[2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\windows\system32\tnnsqq5vr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.06 07:18:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.06 07:15:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\archiv
[2013.06.05 16:39:51 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip
[2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox
[2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.06 07:37:27 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 07:37:27 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 07:36:29 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.06.06 07:36:29 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.06.06 07:36:29 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.06.06 07:36:29 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.06.06 07:30:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.06 07:29:57 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.06 07:28:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 15:59:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf
[2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp
[2013.05.10 11:57:06 | 000,001,041 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.05.10 11:55:31 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp
[2013.05.10 11:57:06 | 000,001,041 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini
[2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx
[2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini
[2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 6
"ProviderFileName0" = unimdm.tsp -- [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 5
"ProviderID4" = 5
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{9811ECB5-E8F9-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{9811ECB5-E8F9-48B9 [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2009.07.14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2009.07.14 03:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
"MaxCollectionCount" = 32
"MaxThreads" = 30
"MaxCmds" = 30
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2011.03.03 07:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll -- [2009.07.14 03:15:12 | 000,006,656 | ---- | M] (Microsoft Corporation)
"ServiceMain" = SetAccessPolicy
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09  [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes]
"LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes]
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSFont [Binary data over 200 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"sdrsvc" = sdrsvc [binary data] -- [2009.07.14 03:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = AxInstSV [binary data] -- [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation)
"IgrsSvcs" = ReadyComm.DirectRouterPS_MDP [binary data]
"" = 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\remotesp.tsp
[2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /600 >
[2013.02.12 17:07:48 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll
[2012.03.09 20:18:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.04 06:43:52 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.04 04:43:34 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.04 04:43:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2013.01.04 04:43:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.04 04:43:34 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2012.12.16 16:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 16:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2012.07.04 23:23:55 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.07.04 23:23:55 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll
[2012.03.09 20:16:51 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll
[2011.12.23 21:58:24 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll
[2012.06.02 06:45:21 | 001,157,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.06.02 06:45:21 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.06.02 06:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.03.19 06:54:22 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll
[2012.03.03 07:40:09 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2012.03.03 07:40:10 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2012.03.03 07:40:09 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2012.03.03 07:40:09 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.05.06 22:00:05 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2011.12.23 21:58:18 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll
[2012.11.02 06:48:28 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2012.03.03 07:40:21 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2012.03.09 20:18:39 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2012.03.09 20:18:39 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2012.03.09 20:16:52 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ExplorerFrame.dll
[2012.12.07 13:29:57 | 000,008,192 | ---- | M] (SEIKO EPSON CORP.) -- C:\Windows\system32\E_DCINST.DLL
[2012.12.07 13:29:57 | 000,081,408 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\E_TD4BHTU.DLL
[2012.12.07 13:29:57 | 000,095,232 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\E_TLBHTU.DLL
[2012.03.09 20:16:52 | 000,801,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll
[2012.03.09 20:18:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2012.03.09 20:18:40 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll
[2012.03.09 20:18:40 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll
[2012.03.09 20:18:38 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll
[2012.03.09 20:18:38 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll
[2012.03.09 20:18:39 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2012.03.09 20:18:39 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2013.02.22 05:47:17 | 009,738,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2012.03.09 20:18:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2012.03.09 20:18:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2013.02.22 05:32:05 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2012.03.09 20:18:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2012.03.09 20:18:40 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2013.02.22 05:28:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.03.01 07:45:05 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2012.03.09 20:18:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll
[2012.03.09 20:18:39 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll
[2013.02.22 05:34:18 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.02.22 05:46:00 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.02.22 05:35:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.08.11 01:54:04 | 000,541,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2013.01.04 06:46:33 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2013.01.04 06:46:33 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2012.03.09 20:18:39 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2012.05.14 06:37:47 | 000,768,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll
[2011.11.17 07:38:39 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll
[2011.12.23 21:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll
[2011.12.23 21:58:24 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll
[2011.12.23 21:58:24 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll
[2011.12.23 21:58:24 | 000,040,960 | ---- | M] (마크애니연구소) -- C:\Windows\system32\MAMACExtract.dll
[2011.12.23 21:58:24 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll
[2012.03.09 20:16:51 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mf.dll
[2012.03.09 20:16:50 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfreadwrite.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll
[2011.12.23 21:58:24 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll
[2013.02.22 05:33:11 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2012.03.09 20:18:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2011.12.23 21:58:24 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll
[2013.02.22 06:05:50 | 012,324,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.02.22 05:31:55 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.03.09 20:18:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll
[2012.03.09 20:18:41 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll
[2011.12.23 21:58:24 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll
[2012.03.09 20:18:41 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2013.02.12 17:13:55 | 002,691,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2011.12.16 09:59:17 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012.06.06 07:09:46 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.02 06:50:33 | 001,388,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2011.12.23 21:58:24 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll
[2011.12.23 21:58:24 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll
[2011.12.23 21:58:24 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll
[2011.12.23 21:58:24 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll
[2012.11.20 07:10:07 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.07.04 23:26:19 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2013.05.06 22:00:05 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll
[2011.11.17 07:41:38 | 001,288,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012.03.09 20:18:38 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2011.11.19 16:06:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2012.03.09 20:18:38 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2011.10.26 06:28:25 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2011.10.26 06:28:26 | 001,328,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.02.15 07:44:57 | 000,826,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.04.26 06:48:52 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorekmts.dll
[2012.04.26 06:48:52 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpwsx.dll
[2011.12.23 21:58:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll
[2012.06.02 06:48:35 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2011.11.17 07:39:21 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2011.11.17 07:39:24 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2011.11.17 07:39:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll
[2012.09.25 23:55:17 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2013.02.12 15:59:49 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2012.11.09 06:49:37 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.02.22 05:36:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.02.22 05:38:39 | 001,104,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2013.02.22 05:34:03 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2011.12.08 06:22:26 | 001,416,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WdfCoInstaller01005.dll
[2012.03.09 20:18:39 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2011.11.17 07:39:28 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll
[2012.11.09 06:49:55 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.05.06 22:00:07 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll
[2013.02.22 05:38:00 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.01.04 06:50:40 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2012.08.24 19:10:47 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.09.28 23:14:05 | 000,851,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WinUSBCoInstaller2.dll
[2012.03.01 07:40:44 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012.03.09 20:16:53 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
[2012.03.09 20:16:52 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2012.03.09 20:16:51 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
[2012.03.09 20:16:52 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsRasterService.dll
 
<           >

< End of report >
         
--- --- ---

Alt 06.06.2013, 10:55   #8
schrauber
/// the machine
/// TB-Ausbilder
 

vermuteter Malware Befall - Standard

vermuteter Malware Befall



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
SRV - (Update-Service) -- %SystemRoot%\System32\UpdSvc.dll File not found
IE - HKCU\..\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers]
"ProviderFilename4"=-
"ProviderID4"=-
"NextProviderID"=dword:00000005
"NumProviders"=dword:00000004
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Bitte downloade dir LSPFix
  • Starte die LSPFix.exe.
    Windows Vista oder höher mit Rechtsklick -> Als Administrator ausführen
  • Markiere die Box "I know what I'm doing"
  • In der Keep Box solltest du eine oder mehrer dieser tnnsqq5vr.dll Dateien finden.
  • Wähle jede einzelne vorhandene tnnsqq5vr.dll und verschiebe diese in die Remove Box indem du den >> Button drückst.
  • Wenn alle Dateien verschoben wurden klicke Finish>>.


und ein frisches OTL log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.06.2013, 11:53   #9
hinkes
 
vermuteter Malware Befall - Standard

vermuteter Malware Befall



Hi,

zuerst das Protokoll vom Fix.

========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
File %SystemRoot%\System32\UpdSvc.dll File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEBD267A-2CA3-49D4-9B52-153EFE3FF36D}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\ProviderFilename4 not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\ProviderID4 deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\"NextProviderID"|dword:00000005 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\"NumProviders"|dword:00000004 /E : value set successfully!

OTL by OldTimer - Version 3.2.69.0 log created on 06082013_112857


Dann noch das Protokoll vom frischen OTL ScanOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.06.2013 11:34:39 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 52,58% Memory free
5,93 Gb Paging File | 4,42 Gb Available in Paging File | 74,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 70,11 Gb Free Space | 70,11% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS
Drive F: | 146,48 Gb Total Space | 39,44 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M]
 
[2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.06 07:57:52 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2013.06.06 07:18:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.06 07:15:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\archiv
[2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip
[2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox
[2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 11:30:20 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 11:30:20 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 11:28:35 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.06.08 11:28:35 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.06.08 11:28:35 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.06.08 11:28:35 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.06.08 11:28:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.08 11:22:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.08 11:22:11 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.07 06:06:58 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.07 06:06:46 | 000,001,021 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.06.05 15:59:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf
[2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp
 
========== Files Created - No Company Name ==========
 
[2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp
[2013.05.10 11:57:06 | 000,001,021 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini
[2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx
[2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini
[2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---

Alt 08.06.2013, 12:25   #10
schrauber
/// the machine
/// TB-Ausbilder
 

vermuteter Malware Befall - Standard

vermuteter Malware Befall



Supi

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches OTL log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 08.06.2013, 15:52   #11
hinkes
 
vermuteter Malware Befall - Standard

vermuteter Malware Befall



Hi,

AWD_log:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.302 - Datei am 08/06/2013 um 12:32:34 erstellt
# Aktualisiert am 06/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzer : Martin - MARTIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\SiteRanker
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\3twb667h.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\3twb667h.default\prefs.js

Gelöscht : user_pref("CT2269050.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_city", "STUTTGART");
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2269050.FirstTime", "true");
Gelöscht : user_pref("CT2269050.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2269050.UserID", "UN93022917787636029");
Gelöscht : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.autoDisableScopes", -1);
Gelöscht : user_pref("CT2269050.defaultSearch", "FALSE");
Gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2269050.enableAlerts", "always");
Gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2269050.fixUrls", true);
Gelöscht : user_pref("CT2269050.installType", "Unknown");
Gelöscht : user_pref("CT2269050.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2269050.isNewTabEnabled", false);
Gelöscht : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"gsr 750\",\"EB_MAIN_FRAME_URL\":[...]
Gelöscht : user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.openThankYouPage", "FALSE");
Gelöscht : user_pref("CT2269050.openUninstallPage", "FALSE");
Gelöscht : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Gelöscht : user_pref("CT2269050.search.searchCount", "0");
Gelöscht : user_pref("CT2269050.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348682049348");
Gelöscht : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1348682049183");
Gelöscht : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348682050169");
Gelöscht : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1348682049798");
Gelöscht : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1348682049878");
Gelöscht : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348682050260");
Gelöscht : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1348682048324");
Gelöscht : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1348682048217");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348682050300");
Gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1348689248591");
Gelöscht : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1348682049131");
Gelöscht : user_pref("CT2269050.settingsINI", true);
Gelöscht : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Gelöscht : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Gelöscht : user_pref("CT2269050.startPage", "FALSE");
Gelöscht : user_pref("CT2269050.toolbarBornServerTime", "26-9-2012");
Gelöscht : user_pref("CT2269050.toolbarCurrentServerTime", "26-9-2012");
Gelöscht : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\64nijgn9.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8355 octets] - [08/06/2013 12:32:34]

########## EOF - C:\AdwCleaner[S1].txt - [8415 octets] ##########
         
--- --- ---


Junkware_remove_log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Martin on 08.06.2013 at 12:46:55,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\3twb667h.default\minidumps [353 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.06.2013 at 12:48:48,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Eset_Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=673ac99a6cf85a4296be6d090f82374d
# engine=14025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-08 12:49:05
# local_time=2013-06-08 02:49:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 10616 122326936 0 0
# scanned=190861
# found=0
# cleaned=0
# scan_time=6797


Security check bricht ab wegen nicht unterstüztem Betriebssystem

OTL_log:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.06.2013 15:39:46 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 56,05% Memory free
5,93 Gb Paging File | 4,52 Gb Available in Paging File | 76,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 69,84 Gb Free Space | 69,84% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 22,34 Gb Free Space | 73,87% Space Free | Partition Type: NTFS
Drive F: | 146,48 Gb Total Space | 39,44 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
Drive G: | 174,07 Gb Total Space | 37,46 Gb Free Space | 21,52% Space Free | Partition Type: NTFS
Drive H: | 29,75 Gb Total Space | 14,19 Gb Free Space | 47,69% Space Free | Partition Type: exFAT
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)
SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.20 13:40:46 | 000,000,000 | ---D | M]
 
[2011.12.06 20:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.09.26 21:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\3twb667h.default\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.26 17:21:11 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2297C498-2845-4610-85A2-67E3F6B88568}: DhcpNameServer = 82.212.62.62 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA9C3B8B-8089-45E7-ABE4-AD064ADBAC2C}: DhcpNameServer = 82.212.62.62 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.08 12:46:54 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013.06.08 12:46:36 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.08 12:36:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Malwareentfernung
[2013.06.06 07:57:52 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2013.06.06 07:18:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.06 07:15:59 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\archiv
[2013.06.05 06:35:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.04 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.06.04 22:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.06.04 22:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2013.06.01 10:37:15 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.31 19:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.31 18:57:53 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013.05.31 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Seven Zip
[2013.05.31 18:26:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.31 18:23:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2013.05.31 18:19:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.31 18:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.31 18:17:31 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:17:31 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:17:31 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:17:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.31 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.31 18:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.31 18:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.31 18:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.31 18:10:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.05.31 18:09:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.31 18:09:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.05.26 17:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.26 16:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Foxit Software
[2013.05.26 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013.05.20 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.16 21:34:27 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013.05.12 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.05.10 11:57:06 | 000,000,000 | R--D | C] -- C:\Users\Martin\Dropbox
[2013.05.10 11:55:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.05.10 11:55:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 15:28:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.08 12:55:32 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.06.08 12:55:32 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.06.08 12:55:32 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.06.08 12:55:32 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.06.08 12:43:04 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 12:43:04 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 12:35:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.08 12:35:27 | 2388,078,592 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.07 06:06:58 | 000,001,051 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.07 06:06:46 | 000,001,021 | ---- | M] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.06.05 15:59:51 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.06.05 06:35:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.06.01 10:37:04 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avnetflt.sys
[2013.05.31 18:49:32 | 000,447,208 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.05.31 18:29:00 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf
[2013.05.31 18:17:42 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:14:16 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013.05.31 18:14:16 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013.05.31 18:14:16 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013.05.31 18:14:16 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013.05.26 16:31:32 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.18 14:28:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.05.18 14:28:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 14:12:05 | 003,122,804 | ---- | M] () -- C:\Users\Martin\Desktop\Info.izp
 
========== Files Created - No Company Name ==========
 
[2013.05.31 18:17:42 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.31 18:10:07 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.31 18:10:07 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.31 18:10:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.31 18:10:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.31 18:10:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.26 16:31:32 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.12 14:12:05 | 003,122,804 | ---- | C] () -- C:\Users\Martin\Desktop\Info.izp
[2013.05.10 11:57:06 | 000,001,021 | ---- | C] () -- C:\Users\Martin\Desktop\Dropbox.lnk
[2013.05.10 11:55:31 | 000,001,051 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 21:21:49 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI
[2013.04.05 18:31:57 | 000,000,174 | ---- | C] () -- C:\windows\wiso.ini
[2013.03.23 19:19:08 | 000,002,100 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.01.02 16:26:42 | 000,010,495 | ---- | C] () -- C:\Users\Martin\hinkm_elster_2048.pfx
[2012.09.27 13:35:47 | 000,003,559 | ---- | C] () -- C:\Users\Martin\.ganttproject
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini
[2012.02.12 15:19:12 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.12.08 00:25:46 | 000,000,353 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Network Meter_Settings.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


Verhält sich jetzt wieder wie ein normaler Rechner.
CPU Auslastung springt zwischen 0 und 2% im Leerlauf. also scheint nichts hintenrum zu arbeiten.

Vielen Dank!

Alt 08.06.2013, 17:33   #12
schrauber
/// the machine
/// TB-Ausbilder
 

vermuteter Malware Befall - Standard

vermuteter Malware Befall



dann sind wir fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Falls Du Lob/Kritik loswerden möchtest:
Lob, Kritik und Wünsche - Trojaner-Board


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.06.2013, 11:14   #13
hinkes
 
vermuteter Malware Befall - Standard

vermuteter Malware Befall



Guten morgen,

erstmal nochmals vielen Dank für deine schnelle und kompetente Hilfe.

Aktuell scheint es als ob alles soweit wieder i.o. ist.


Was deine Tipps angeht, das meiste hab ich so oder so eh schon berücksichtigt gehabt.
Windows Updates waren aktiviert, Virenscanner hab ich laufen usw.

Ich hab mir jetzt mal die empfohlenen Tools installiert und werde Sie anwenden.

Delfix hat noch ein Script erstellt.

# DelFix v10.3 - Datei am 09/06/2013 um 10:44:28 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Benutzer : Martin - MARTIN-PC
# Betriebssystem : Windows 7 Home Premium (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\Qoobox
Gelöscht : C:\JRT
Gelöscht : C:\_OTL
Gelöscht : C:\Combofix
Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\Users\Martin\Desktop\JRT.txt
Gelöscht : C:\Users\Martin\Desktop\hijackthis.log
Gelöscht : C:\Users\Martin\Desktop\OTL.Txt
Gelöscht : C:\Users\Martin\Desktop\OTL.exe
Gelöscht : C:\Users\Martin\Downloads\adwcleaner.exe
Gelöscht : C:\Users\Martin\Downloads\JRT.exe
Gelöscht : C:\Users\Martin\Downloads\hijackthis.log
Gelöscht : C:\Users\Martin\Downloads\HiJackThis204.exe
Gelöscht : C:\Users\Martin\Downloads\LSPFix.exe
Gelöscht : C:\Users\Martin\Downloads\SecurityCheck.exe
Gelöscht : C:\windows\grep.exe
Gelöscht : C:\windows\PEV.exe
Gelöscht : C:\windows\NIRCMD.exe
Gelöscht : C:\windows\MBR.exe
Gelöscht : C:\windows\SED.exe
Gelöscht : C:\windows\SWREG.exe
Gelöscht : C:\windows\SWSC.exe
Gelöscht : C:\windows\SWXCACLS.exe
Gelöscht : C:\windows\Zip.exe
Gelöscht : HKCU\console_combofixbackup
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #172 [Windows 7 Service Pack 1 | 06/08/2013 14:02:53]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Gruß und , Martin

Alt 09.06.2013, 11:17   #14
schrauber
/// the machine
/// TB-Ausbilder
 

vermuteter Malware Befall - Standard

vermuteter Malware Befall



Alles klar
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu vermuteter Malware Befall
adobe, avg, avira, bho, converter, desktop, email, explorer, firefox, flash player, hijack, hijackthis, internet, internet explorer, logfile, malware, mozilla, mp3, object, problem, rundll, schutz, software, system, windows



Ähnliche Themen: vermuteter Malware Befall


  1. Malware Befall?
    Log-Analyse und Auswertung - 24.09.2015 (18)
  2. möglicher malware - Befall meines PC
    Plagegeister aller Art und deren Bekämpfung - 20.01.2015 (9)
  3. Schwieriger Fehler! Pc sehr langsam bei sache und vermuteter Hardware fehler?
    Alles rund um Windows - 18.02.2014 (2)
  4. Vermuteter Trojaner auf ACER - deutscher Rechner in USA bei meiner Tochter (highschool)
    Plagegeister aller Art und deren Bekämpfung - 21.01.2014 (5)
  5. W7 Malware Befall – Rester löschen
    Log-Analyse und Auswertung - 11.09.2013 (14)
  6. Rootkit/ Malware Befall
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (7)
  7. Malware-Befall? Virenscans dauern ewig
    Plagegeister aller Art und deren Bekämpfung - 18.04.2012 (61)
  8. Log-Analyse nach Trojaner/Malware befall (Malware.Trace / Trojan.BHO)
    Log-Analyse und Auswertung - 26.09.2011 (16)
  9. Trojaner Befall - Malware findet nichts
    Log-Analyse und Auswertung - 14.11.2010 (7)
  10. Befall mit Malware. Was tuen?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2010 (1)
  11. Malware Befall 'TR/Witkinat.A.30', 'TR/Spy.Insain.HP' usw.
    Log-Analyse und Auswertung - 16.03.2010 (2)
  12. Malware Defense Befall
    Plagegeister aller Art und deren Bekämpfung - 23.01.2010 (10)
  13. malware defense befall
    Plagegeister aller Art und deren Bekämpfung - 21.01.2010 (9)
  14. Vermuteter Trojaner beim Starten von XP
    Log-Analyse und Auswertung - 21.02.2009 (4)
  15. Malware-Befall. TR/RKIT/BDS
    Plagegeister aller Art und deren Bekämpfung - 05.12.2008 (4)
  16. backdoor und malware befall
    Plagegeister aller Art und deren Bekämpfung - 04.12.2008 (65)
  17. Trojaner und Malware-Befall
    Log-Analyse und Auswertung - 01.11.2008 (16)

Zum Thema vermuteter Malware Befall - Hi, ich vermute auf meinem Laptop ein Problem, er braucht ewig, ist nahezu immer voll ausgelastet. bei mir läuft antivir-Premium. Das sagt, alles i.o. ich habe ein Logfile mit HijackThis - vermuteter Malware Befall...
Archiv
Du betrachtest: vermuteter Malware Befall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.