Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Avazutracking Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.06.2013, 15:14   #1
Spade
 
Avazutracking Virus - Standard

Avazutracking Virus



Hallo
Scheinbar habe ich mir den avazutracking virus eingefangen. In unregelmäßigen abständen öffnet sich in meinem Browser ein Tab das mich auf irgendeine Seite weiterleiten will. Könnt ihr mir helfen das wieder los zu werden?
Ich habe defogger, OTL und GMER bereits laufen lassen. Bei defogger bin ich mir nicht sicher ob das alles richtig lief.
Defogger:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:42 on 20/06/2013 (Benedikt)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL:
Zitat:
OTL logfile created on: 20.06.2013 14:31:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benedikt\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 74,67% Memory free
6,50 Gb Paging File | 5,40 Gb Available in Paging File | 83,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 36,83 Gb Free Space | 15,81% Space Free | Partition Type: NTFS

Computer Name: PC-BENEDIKT | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.20 14:26:43 | 000,050,477 | ---- | M] () -- C:\Users\Benedikt\Desktop\Defogger.exe
PRC - [2013.06.20 14:26:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Downloads\OTL.exe
PRC - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.03.15 04:59:30 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.16 01:53:21 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012.10.11 16:15:04 | 000,108,544 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2012.09.13 01:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012.09.13 01:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012.06.20 18:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.06.20 14:26:43 | 000,050,477 | ---- | M] () -- C:\Users\Benedikt\Desktop\Defogger.exe
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.09.13 01:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012.09.13 01:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012.09.13 01:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012.09.13 01:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012.09.13 01:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012.09.13 01:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012.09.13 01:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll


========== Services (SafeList) ==========

SRV - [2013.06.12 19:59:46 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.01 20:21:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.16 01:53:21 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2013.06.19 14:01:21 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013.04.24 12:38:54 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013.04.24 12:38:53 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.10.31 02:18:23 | 000,489,048 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\2070810drv.sys -- (2070810drv)
DRV - [2012.10.31 02:10:41 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.31 02:10:41 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.09.21 21:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUVC.sys -- (LVUVC)
DRV - [2012.09.21 21:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2006.11.02 09:57:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.retterspitz.de/willkommen
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{92FA829A-F713-49B9-9CA8-408037C9FEC4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=61BB70DF-B34A-48DB-822F-94894E9CF5B4&apn_sauid=15E67E30-34D9-4FD7-B155-A86E70D5D055
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://proxy.kodak.com:81/proxy.pac

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 12:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 12:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 12:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.11.18 19:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.05.16 20:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\components [2013.03.05 14:13:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\plugins [2013.05.17 22:11:27 | 000,000,000 | ---D | M]

[2012.10.31 00:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions
[2013.06.11 22:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\2sthi553.default-1370976688492\extensions
[2013.06.11 22:48:06 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\firefox\profiles\2sthi553.default-1370976688492\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21BB9A4A-CB0B-48C3-BF0D-2DE5D9342749}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.16 13:45:06 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Roaming\Fatshark
[2013.05.22 17:32:24 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2013.05.22 17:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.22 17:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.10.31 00:06:37 | 017,804,184 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2012.10.31 00:06:37 | 000,157,712 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2012.10.31 00:06:37 | 000,096,664 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2012.10.31 00:06:37 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2012.10.31 00:06:36 | 002,850,712 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2012.10.31 00:06:36 | 000,813,976 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2012.10.31 00:06:36 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2012.10.31 00:06:36 | 000,641,944 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2012.10.31 00:06:36 | 000,478,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2012.10.31 00:06:36 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2012.10.31 00:06:36 | 000,375,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2012.10.31 00:06:36 | 000,277,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2012.10.31 00:06:36 | 000,271,768 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2012.10.31 00:06:36 | 000,193,168 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2012.10.31 00:06:36 | 000,171,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2012.10.31 00:06:36 | 000,155,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2012.10.31 00:06:36 | 000,151,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2012.10.31 00:06:36 | 000,142,744 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2012.10.31 00:06:36 | 000,115,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2012.10.31 00:06:36 | 000,104,344 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2012.10.31 00:06:36 | 000,092,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2012.10.31 00:06:36 | 000,091,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2012.10.31 00:06:36 | 000,059,288 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2012.10.31 00:06:36 | 000,021,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2012.10.31 00:06:36 | 000,021,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2012.10.31 00:06:36 | 000,017,304 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2012.10.31 00:06:36 | 000,016,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2012.10.31 00:06:35 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2012.10.31 00:06:35 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2012.10.31 00:06:35 | 000,917,400 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2012.10.31 00:06:35 | 000,116,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2012.10.31 00:06:35 | 000,074,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2012.10.31 00:06:35 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.20 14:29:40 | 000,000,000 | ---- | M] () -- C:\Users\Benedikt\defogger_reenable
[2013.06.20 14:26:43 | 000,050,477 | ---- | M] () -- C:\Users\Benedikt\Desktop\Defogger.exe
[2013.06.20 13:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.20 12:43:10 | 000,025,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.20 12:43:10 | 000,025,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.20 12:35:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.20 12:35:40 | 2616,053,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.19 14:01:21 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys
[2013.06.14 02:00:44 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.14 02:00:44 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.14 02:00:44 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.14 02:00:44 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.07 23:49:40 | 000,139,112 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.06.07 23:49:30 | 000,280,792 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.06.07 23:47:42 | 000,280,856 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.06.03 03:37:34 | 000,315,445 | ---- | M] () -- C:\Users\Benedikt\Documents\HS Arbeit Geschichtsdidaktik.pdf
[2013.06.02 23:51:41 | 000,307,229 | ---- | M] () -- C:\Users\Benedikt\Documents\HS-Arbeit Benedikt Trampisch.pdf
[2013.05.23 02:38:24 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.20 14:29:40 | 000,000,000 | ---- | C] () -- C:\Users\Benedikt\defogger_reenable
[2013.06.20 14:26:42 | 000,050,477 | ---- | C] () -- C:\Users\Benedikt\Desktop\Defogger.exe
[2013.06.03 03:37:31 | 000,315,445 | ---- | C] () -- C:\Users\Benedikt\Documents\HS Arbeit Geschichtsdidaktik.pdf
[2013.06.02 23:51:40 | 000,307,229 | ---- | C] () -- C:\Users\Benedikt\Documents\HS-Arbeit Benedikt Trampisch.pdf
[2013.05.23 02:38:24 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.08 21:43:09 | 000,139,112 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.04.08 21:43:08 | 000,138,056 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\PnkBstrK.sys
[2013.04.08 21:42:30 | 000,280,792 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013.04.08 21:42:18 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.10.31 07:05:40 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.10.31 07:05:40 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.10.31 07:05:39 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.10.31 07:05:39 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.10.31 00:06:36 | 009,453,213 | ---- | C] () -- C:\Program Files\omni.ja
[2012.10.31 00:06:36 | 003,023,256 | ---- | C] () -- C:\Program Files\mozjs.dll
[2012.10.31 00:06:36 | 000,036,107 | ---- | C] () -- C:\Program Files\removed-files
[2012.10.31 00:06:36 | 000,001,723 | ---- | C] () -- C:\Program Files\precomplete
[2012.10.31 00:06:36 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2012.10.31 00:06:36 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2012.10.31 00:06:36 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2012.10.31 00:06:36 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2012.10.31 00:06:36 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini
[2012.10.31 00:06:36 | 000,000,132 | ---- | C] () -- C:\Program Files\update-settings.ini
[2012.10.31 00:06:35 | 000,047,129 | ---- | C] () -- C:\Program Files\blocklist.xml
[2012.10.31 00:06:35 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2012.10.31 00:06:35 | 000,000,706 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2012.10.31 00:06:35 | 000,000,463 | ---- | C] () -- C:\Program Files\application.ini
[2012.10.31 00:06:35 | 000,000,183 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2012.10.30 23:47:59 | 000,017,408 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\WebpageIcons.db
[2012.10.30 23:25:28 | 000,000,182 | ---- | C] () -- C:\Windows\wininit.ini
[2012.09.21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.09.21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.09.21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.02.26 21:39:07 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Amazon
[2013.01.12 02:54:36 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\APP_NAME_NON_STRING
[2013.04.07 17:22:06 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\cge
[2012.11.07 20:12:36 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.11.07 23:13:26 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013.06.16 13:45:06 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Fatshark
[2012.11.15 01:20:11 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Leadertech
[2012.10.31 00:44:35 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\OpenCandy
[2013.01.12 02:54:00 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\pdfforge
[2013.06.05 21:35:01 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Spotify
[2012.11.18 19:34:42 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Swiss Academic Software
[2013.02.03 18:07:35 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\The Creative Assembly
[2012.12.15 19:32:00 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\TS3Client
[2012.11.01 18:18:19 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\wargaming.net

========== Purity Check ==========



< End of report >

Extras:
Zitat:
OTL Extras logfile created on: 20.06.2013 14:31:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Benedikt\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 74,67% Memory free
6,50 Gb Paging File | 5,40 Gb Available in Paging File | 83,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 36,83 Gb Free Space | 15,81% Space Free | Partition Type: NTFS

Computer Name: PC-BENEDIKT | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0946BD2D-7D1D-4F27-AA7D-C922DF1507C0}" = rport=137 | protocol=17 | dir=out | app=system |
"{1309ABA2-3F3F-469F-86AF-759940C27FD9}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{133A03A9-D787-437D-98EB-85AC936E6394}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{29540AA9-1F75-4445-99A9-05E0F8B61000}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B3F2051-74F9-4010-A68D-F40A737BB763}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{3BA889A6-5F34-4B63-A170-ED685DBE3813}" = lport=138 | protocol=17 | dir=in | app=system |
"{3C9512B4-85A1-43F9-8CCB-A0EC2E895379}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CFE285D-D906-4EA4-90D8-2CCE287B86B7}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F6E1684-EE28-4F04-91B5-293166920A75}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{649E26BD-DF02-42F9-B31F-697D1343142B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6567B860-CCC3-43B0-8A88-5C2825FB88EE}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{6AB9D2A7-31A8-44F4-BEA3-4A6259F79C5F}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C0E428A-B70B-4F30-B712-2332887BA6EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EC056BB-E9DA-4E8A-BCD7-DA62FEBF483E}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{8B5D1E66-1C23-4B9E-A288-D79B18DA46C4}" = rport=139 | protocol=6 | dir=out | app=system |
"{9AE1900C-06C5-4B35-A869-6EE7899B37F7}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B634F0B-2C1A-451C-9B22-D91A788322F4}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{9F0714E5-37FE-4314-83E0-7BED8D5D4BBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AABD17E1-37FA-4772-851F-0AF81EBF278B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AE425703-36AD-4933-9861-C62AE4C3301D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF6724B8-E27C-4BBF-9D0E-5201054C193E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B0282FFD-8EE9-4B60-A3D4-C48C9BA54C14}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{B41CC502-D272-4FE6-ACEB-DDA189355602}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{C055A98D-657E-4660-A8FE-C18E2687BBD6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0441652-61B8-44A1-8259-4F5B4E5E3384}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D40D6101-2E32-4835-93A1-19AB69657D66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DAEF2C7C-62DD-4B22-BCC0-BFB04A78B757}" = lport=445 | protocol=6 | dir=in | app=system |
"{E0E60247-53F6-454F-83E0-80855FA92CA1}" = lport=137 | protocol=17 | dir=in | app=system |
"{E1B90164-3BF6-441E-83A8-06185B3EBED6}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{E58C5620-FDD0-4C6A-B253-676A0B0BF842}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E638400F-817A-4CEB-9687-5C956CED3B17}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0BB3DF8-A237-4645-95C4-3EB024AE789E}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{F0C2D492-855B-4016-8960-D4B6630CCFBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD2A8E6-12EA-4E49-8700-A167125B4CC8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{0E33C3C7-E2CD-4F60-9394-1D858B6492D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{11BCE032-D57A-454F-B830-4DE5FBAC2A66}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{17080A8C-5E3D-49FB-9CB5-5246B4C00F97}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe |
"{1AB2DA45-8934-43CF-8BB1-D56F1B33E818}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{1FC507CA-D17C-48FB-9A80-67A8F00972D0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\wargame european escalation\wargame.exe |
"{2042170F-A4BB-4035-80F4-6A0060DA5215}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\wargame european escalation\wargame.exe |
"{249C2261-A9BD-461A-BE2B-965FF356E808}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{25B0845A-CB63-4589-BD1E-6508EB5B5AA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26E334DA-E6FD-4B4F-8E3D-2F18F4DD272D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{2A59FAEA-7215-4E0C-B6D2-ECAA696CF521}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F342093-BF53-4673-BEE3-B8367D936B5D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{37EB6150-B5C3-4371-A01B-56DAAA1CD11E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C13E9B5-09D0-43B1-9075-A40460FD3245}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{3C9562EE-A013-4956-9BF8-4ACC7AA12279}" = protocol=6 | dir=in | app=c:\program files\war thunder\launcher.exe |
"{3EC77A3C-54D0-4EDF-83EF-71C174941089}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{456A3B74-5946-40FC-A079-892A6A77D545}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48BB89A5-4863-4CAA-8A69-5607120E73C6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51293086-C298-4EE8-961B-4B471FF87407}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alan wake\alanwake.exe |
"{53FC7F4E-D0B3-4F5A-BFBC-08856EF23261}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{55996118-EFFD-4C9E-9B66-8ED377AEE4F1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{57338B80-D4D7-4D1B-B8E8-2BA4D29A1787}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5DC96BBB-65C0-43DB-88FD-D31D288DE1A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5FAF19AC-07A3-495F-942E-2650B4624535}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe |
"{5FB8F70B-0D06-404F-A52F-C20B1D1F2A24}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{60767204-32F5-43DF-A833-80CE45405740}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61562684-F222-40EB-82E6-D077C961F107}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{615E1C68-4AAE-4659-940C-DD38E836A54D}" = protocol=17 | dir=in | app=c:\users\benedikt\desktop\steam.exe |
"{6D8643FB-870C-4AC7-9740-DFB72B871643}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{6FA057B1-5611-48A1-9C22-27E4BB74DA1B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{6FBA2246-CF01-4591-8C92-21FBF14ED8E3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{7568A89C-34B1-4663-AFE2-6405A3B76253}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\ss2\shock2.exe |
"{762B787A-9B71-44D6-85E6-FABDCA3CE41C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\ss2\shock2.exe |
"{7A1CEA61-7FF1-41EE-AC85-C8D27CE5BCF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{828B0B18-EDF5-430D-BC3E-E196BAC2567A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{865979E6-E383-415F-886E-8192EA2D59E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8661838E-DA83-47B7-858D-27A6C50598B8}" = protocol=6 | dir=in | app=c:\users\benedikt\desktop\steam.exe |
"{8FF36C4D-FCBD-48DC-AD53-AF3DEBC9D9D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{92989266-7118-40F3-8FB9-10A306A6B7E0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9608DD98-9E72-4FAF-BB38-B2D2C1815318}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rising storm beta\binaries\win32\rogame.exe |
"{966B3A8D-C54B-453F-969A-77A6634293D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A24E8E10-BDF5-45CF-A203-5487979C0EC7}" = protocol=6 | dir=out | app=system |
"{A34DD5BB-15C4-49FD-BAB0-7C01AF04F953}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\war of the roses\run_game.exe |
"{A6B8B7F2-D7B5-463C-819E-29A599EC6A9D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{B4640B26-BAFB-413E-BBE4-BA19BBC438B9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{BA505499-AF4B-46B4-88F0-AA60C5D6EFE8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rising storm beta\binaries\win32\rogame.exe |
"{BAE1538B-3309-4CA0-B1E6-278B5E474A00}" = protocol=17 | dir=in | app=c:\program files\war thunder\launcher.exe |
"{BB1C5A3C-D425-4C00-8591-00E7B6AB14AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB8BF51A-21C2-4B15-A85B-040908825135}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{BC284AF3-B644-40F4-938C-09D8331CE04A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBC7012D-448D-4839-9104-B542C8C36D28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFF1FB01-79D4-4371-ADA0-E42937B5B1CF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\war of the roses\run_game.exe |
"{D1E1EA37-656D-43C2-9B99-41C580B2715D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D45D1E65-0504-4863-AB9B-718F5486F378}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DEA720E0-E313-4189-8EE0-CA533051DAE4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{E1F077B4-CC9C-484A-8E63-9E91D1BD420D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{E5C7A67D-1090-4DDD-A924-A5A9D6621097}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alan wake\alanwake.exe |
"TCP Query User{10DEC032-8B85-4A50-ADC3-9550DFEE93E5}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{1ABAE064-6F29-4467-9B13-B7444B191CE5}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{25529F62-C2FF-4B93-BD8C-5D011B0375E3}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{46CE47B1-D0E5-4620-A12E-D8B85FAE44A4}C:\users\benedikt\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\benedikt\desktop\skype.exe |
"TCP Query User{4822B3FE-F0F9-4ECB-8A3A-D6C489D49129}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{7120640E-BDE3-41DD-A0C8-E8C33A480193}C:\users\benedikt\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\benedikt\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9CA19F5B-4D30-46D3-A697-AAC81E306EEA}C:\program files\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files\war thunder\aces.exe |
"TCP Query User{A99B2AB6-6F65-4A06-9D7C-FBF18E58283F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{BAA65AAF-9C39-4EF0-917A-836F9879711C}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{C0DDB666-11E9-4993-B69B-9DD64F3896C3}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{CCD40A2F-8E57-48AB-AE57-179EA6B0B244}C:\program files\war thunder\launcher.exe" = protocol=6 | dir=in | app=c:\program files\war thunder\launcher.exe |
"TCP Query User{E52279CB-9B67-49CC-8132-7F281B69A349}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{005471DE-AE02-41EF-9DF9-1DF2DBB4B68A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{0A493789-7EF2-4C49-8AB7-AA7588DA6F90}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{0E4E8FBA-3CB3-4BAC-9959-AED1142BD9A3}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{10270BBB-9617-46B2-927B-DB59CFA53FED}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2786953D-C955-4201-A661-DD348527E88C}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{336F3C4B-F7C7-434F-A41A-C3C173F958C2}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{4D1AE8F1-7A28-4E81-BED9-F163926C745F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{8CE9467C-BA13-4B55-BAD9-7C5A7EAC186E}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{8F71B85D-4407-4E44-B384-B585E7FBFF0F}C:\program files\war thunder\launcher.exe" = protocol=17 | dir=in | app=c:\program files\war thunder\launcher.exe |
"UDP Query User{9AED9911-C1E5-4EEB-8418-51E111783566}C:\users\benedikt\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\benedikt\desktop\skype.exe |
"UDP Query User{EB290113-2DAF-43D7-986C-A478D04C049C}C:\users\benedikt\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\benedikt\appdata\roaming\spotify\spotify.exe |
"UDP Query User{ECD535B8-F185-4C05-833F-9669DEADD4B2}C:\program files\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files\war thunder\aces.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.164
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}" = KODAK Share-Tastenanwendung
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows-Treiberpaket - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"AC3Filter_is1" = AC3Filter 2.6.0b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"cge" = Cambridge Grammar of English
"DivX Setup" = DivX Setup
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PunkBusterSvc" = PunkBuster Services
"Steam App 222750" = Wargame: AirLand Battle
"Steam App 224780" = Rising Storm Beta
"Steam App 238210" = System Shock 2
"Steam App 35450" = Rising Storm/Red Orchestra 2 Multiplayer
"Steam App 42160" = War of the Roses: Kingmaker
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.06.2013 15:45:09 | Computer Name = PC-Benedikt | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder
der Datenträger fehlt. Das Programm Kaspersky Anti-Virus wurde wegen dieses Fehlers
geschlossen. Programm: Kaspersky Anti-Virus Datei: Der Fehlerwert ist im Abschnitt
"Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut.
Diese
Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei
zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator
überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem
Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z.
B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem,
indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
/F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie
wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien
auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten,
wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp:
0

Error - 15.06.2013 07:33:46 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =

Error - 16.06.2013 06:53:48 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =

Error - 16.06.2013 07:43:56 | Computer Name = PC-Benedikt | Source = VSS | ID = 8194
Description =

Error - 17.06.2013 06:27:26 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =

Error - 17.06.2013 13:50:41 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =

Error - 18.06.2013 06:48:13 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =

Error - 18.06.2013 14:46:36 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =

Error - 19.06.2013 07:45:14 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =

Error - 20.06.2013 06:37:29 | Computer Name = PC-Benedikt | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 06.04.2013 21:19:28 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
2070810drv

Error - 06.04.2013 21:21:29 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 06.04.2013 21:21:29 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 07.04.2013 06:17:18 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
2070810drv

Error - 07.04.2013 06:27:02 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
2070810drv

Error - 07.04.2013 06:29:03 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 07.04.2013 06:29:03 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 08.04.2013 05:26:46 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
2070810drv

Error - 08.04.2013 05:28:46 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 08.04.2013 05:28:46 | Computer Name = PC-Benedikt | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069


< End of report >
GMER:
Zitat:
MER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-20 16:00:08
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 SAMSUNG_SP2504C rev.VT100-50 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Benedikt\AppData\Local\Temp\kxdyyaog.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0xAB08E6BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0xAB041C02]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0xAB041F4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0xAB042390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0xAB02A28C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0xAB0418DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0xAB02A804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0xAB02A6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0xAB041DAE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0xAB091528]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0xAB02A924]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0xAB0909BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0xAB090BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0xAB090660]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0xAB041E7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0xAB090506]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0xAB02A2D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0xAB08E7FC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0xAB08E464]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0xAB091320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0xAB04006C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0xAB02A89A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0xAB02A77A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0xAB0900AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0xAB0917D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0xAB02A9BA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0xAB090718]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0xAB02AA44]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0xAB04027A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0xAB0911D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0xAB042174]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0xAB042002]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0xAB0420B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0xAB0421E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0xAB090EFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0xAB041A6A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0xAB09105C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0xAB02AAE6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0xAB08E56E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0xAB09024E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0xAB090DA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0xAB02AAF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0xAB0903AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0xAB0908B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0xAB09193C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0xAB091666]

INT 0x51 ? 9F2DECD8
INT 0x52 ? 9E4877D8
INT 0x61 ? 9F1A4058
INT 0x62 ? 9F1A42D8
INT 0x72 ? 9E487CD8
INT 0x82 ? 9E487058
INT 0x92 ? 9E487A58
INT 0x93 ? 9F1A4CD8
INT 0xA2 ? 9F2DEA58
INT 0xA3 ? 9E4872D8
INT 0xB1 ? 9E426CD8
INT 0xB3 ? 9E487558

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D E2A579F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E2A911F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 E2A9841C 4 Bytes [BA, E6, 08, AB]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF E2A98444 8 Bytes [02, 1C, 04, AB, 4A, 1F, 04, ...] {ADD BL, [ESP+EAX]; STOSD ; DEC EDX; POP DS; ADD AL, 0xab}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 E2A98488 4 Bytes [90, 23, 04, AB] {NOP ; AND EAX, [EBX+EBP*4]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F E2A984B4 4 Bytes [8C, A2, 02, AB]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 E2A984D8 4 Bytes [DC, 18, 04, AB] {FCOMP QWORD [EAX]; ADD AL, 0xab}
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Benedikt\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1

---- EOF - GMER 2.1 ----
Vielen Dank schonmal im Vorraus

Alt 20.06.2013, 15:20   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Avazutracking Virus - Standard

Avazutracking Virus



Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 20.06.2013, 15:33   #3
Spade
 
Avazutracking Virus - Standard

Avazutracking Virus



Servus Schrauber vielen Dank für die prompte Antwort

Hier ist das FRST-Log:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2013
Ran by Benedikt (administrator) on 20-06-2013 16:28:30
Running from C:\Users\Benedikt\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Windows\system32\PnkBstrA.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Mozilla Corporation) C:\Program Files\firefox.exe
(Mozilla Corporation) C:\Program Files\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [356376 2012-11-16] (Kaspersky Lab ZAO)
HKLM\...\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKCU\...\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-10-11] (Eastman Kodak Company)
MountPoints2: J - J:\KODAK_Camera_Setup_App.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.retterspitz.de/willkommen
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKCU - {92FA829A-F713-49B9-9CA8-408037C9FEC4} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=61BB70DF-B34A-48DB-822F-94894E9CF5B4&apn_sauid=15E67E30-34D9-4FD7-B155-A86E70D5D055
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2012-11-16] (Kaspersky Lab ZAO)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-04-08] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

S1 2070810drv; C:\Windows\System32\DRIVERS\2070810drv.sys [489048 2012-10-31] (Kaspersky Lab)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-10-31] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-10-31] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO)
U3 kxdyyaog; \??\C:\Users\Benedikt\AppData\Local\Temp\kxdyyaog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 16:28 - 2013-06-20 16:28 - 00000000 ____D C:\FRST
2013-06-20 16:27 - 2013-06-20 16:28 - 01368263 ____A (Farbar) C:\Users\Benedikt\Downloads\FRST.exe
2013-06-20 16:00 - 2013-06-20 16:00 - 00017348 ____A C:\Users\Benedikt\Desktop\GMER Log.log
2013-06-20 14:46 - 2013-06-20 14:46 - 00069112 ____A C:\Users\Benedikt\Desktop\Extras.Txt
2013-06-20 14:41 - 2013-06-20 14:41 - 00377856 ____A C:\Users\Benedikt\Desktop\gmer_2.1.19163.exe
2013-06-20 14:40 - 2013-06-20 14:40 - 00069112 ____A C:\Users\Benedikt\Downloads\Extras.Txt
2013-06-20 14:40 - 2013-06-20 14:40 - 00065940 ____A C:\Users\Benedikt\Desktop\OTL.Txt
2013-06-20 14:39 - 2013-06-20 14:40 - 00065940 ____A C:\Users\Benedikt\Downloads\OTL.Txt
2013-06-20 14:29 - 2013-06-20 14:42 - 00000478 ____A C:\Users\Benedikt\Desktop\defogger_disable.log
2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____A C:\Users\Benedikt\defogger_reenable
2013-06-20 14:26 - 2013-06-20 14:26 - 00602112 ____A (OldTimer Tools) C:\Users\Benedikt\Downloads\OTL.exe
2013-06-20 14:26 - 2013-06-20 14:26 - 00050477 ____A C:\Users\Benedikt\Desktop\Defogger.exe
2013-06-16 13:45 - 2013-06-16 13:45 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Fatshark
2013-06-13 01:43 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 01:43 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 01:43 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 01:43 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 01:43 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 01:43 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 01:40 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 01:40 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 01:40 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 22:26 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 22:26 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 22:26 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 22:26 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 22:26 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 22:26 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 22:26 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 22:26 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 22:26 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 22:26 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:26 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 22:26 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-23 02:38 - 2013-05-23 02:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-23 02:38 - 2013-05-23 02:38 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-23 02:38 - 2013-05-23 02:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-23 02:38 - 2013-05-23 02:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-23 02:36 - 2013-05-23 02:41 - 00009721 ____A C:\Windows\IE10_main.log
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-05-22 17:32 - 2009-03-18 18:35 - 00026176 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys

==================== One Month Modified Files and Folders ========

2013-06-20 16:28 - 2013-06-20 16:28 - 00000000 ____D C:\FRST
2013-06-20 16:28 - 2013-06-20 16:27 - 01368263 ____A (Farbar) C:\Users\Benedikt\Downloads\FRST.exe
2013-06-20 16:21 - 2012-10-30 23:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-20 16:02 - 2012-10-30 22:11 - 01738471 ____A C:\Windows\WindowsUpdate.log
2013-06-20 16:00 - 2013-06-20 16:00 - 00017348 ____A C:\Users\Benedikt\Desktop\GMER Log.log
2013-06-20 15:59 - 2012-10-30 23:17 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 14:46 - 2013-06-20 14:46 - 00069112 ____A C:\Users\Benedikt\Desktop\Extras.Txt
2013-06-20 14:42 - 2013-06-20 14:29 - 00000478 ____A C:\Users\Benedikt\Desktop\defogger_disable.log
2013-06-20 14:41 - 2013-06-20 14:41 - 00377856 ____A C:\Users\Benedikt\Desktop\gmer_2.1.19163.exe
2013-06-20 14:40 - 2013-06-20 14:40 - 00069112 ____A C:\Users\Benedikt\Downloads\Extras.Txt
2013-06-20 14:40 - 2013-06-20 14:40 - 00065940 ____A C:\Users\Benedikt\Desktop\OTL.Txt
2013-06-20 14:40 - 2013-06-20 14:39 - 00065940 ____A C:\Users\Benedikt\Downloads\OTL.Txt
2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____A C:\Users\Benedikt\defogger_reenable
2013-06-20 14:29 - 2012-10-30 22:22 - 00000000 ____D C:\users\Benedikt
2013-06-20 14:26 - 2013-06-20 14:26 - 00602112 ____A (OldTimer Tools) C:\Users\Benedikt\Downloads\OTL.exe
2013-06-20 14:26 - 2013-06-20 14:26 - 00050477 ____A C:\Users\Benedikt\Desktop\Defogger.exe
2013-06-20 14:17 - 2013-05-13 23:17 - 00000000 ____D C:\Users\Benedikt\AppData\Local\LogMeIn Hamachi
2013-06-20 12:43 - 2009-07-14 06:34 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 12:43 - 2009-07-14 06:34 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 12:35 - 2012-11-18 04:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-20 12:35 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 12:35 - 2009-07-14 06:39 - 00136026 ____A C:\Windows\setupact.log
2013-06-20 02:24 - 2012-10-31 00:09 - 00000000 ____D C:\Program Files\Steam
2013-06-20 02:24 - 2012-10-30 22:38 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Skype
2013-06-19 16:03 - 2012-10-31 00:44 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Winamp
2013-06-19 14:01 - 2012-06-08 12:38 - 00044000 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys
2013-06-16 13:45 - 2013-06-16 13:45 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Fatshark
2013-06-14 21:50 - 2013-03-04 17:57 - 00000000 ____D C:\Program Files\War Thunder
2013-06-14 02:00 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-13 19:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 12:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 01:41 - 2012-12-23 13:57 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 19:59 - 2012-10-30 23:17 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 19:59 - 2012-10-30 23:17 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 15:31 - 2012-10-30 22:44 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-08 13:42 - 2013-06-13 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-13 01:43 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-13 01:43 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-13 01:43 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-13 01:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-13 01:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 23:49 - 2013-04-08 21:45 - 00280792 ____A C:\Windows\System32\PnkBstrB.xtr
2013-06-07 23:49 - 2013-04-08 21:43 - 00139112 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2013-06-07 23:49 - 2013-04-08 21:42 - 00280792 ____A C:\Windows\System32\PnkBstrB.exe
2013-06-07 23:47 - 2013-04-08 21:42 - 00280856 ____A C:\Windows\System32\PnkBstrB.ex0
2013-06-07 12:45 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-05 21:49 - 2013-03-23 15:29 - 00000000 ____D C:\Users\Benedikt\AppData\Local\Spotify
2013-06-05 21:35 - 2013-03-23 15:28 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Spotify
2013-05-27 23:14 - 2013-03-04 17:57 - 00000000 ____D C:\Users\Benedikt\Documents\My Games
2013-05-27 13:55 - 2012-11-29 21:36 - 00000000 ____D C:\ProgramData\Skype
2013-05-23 02:41 - 2013-05-23 02:36 - 00009721 ____A C:\Windows\IE10_main.log
2013-05-23 02:38 - 2013-05-23 02:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-23 02:38 - 2013-05-23 02:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-23 02:38 - 2013-05-23 02:38 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-23 02:38 - 2013-05-23 02:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-23 02:38 - 2013-05-23 02:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Program Files\LogMeIn Hamachi

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 19:00

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2013
Ran by Benedikt at 2013-06-20 16:29:08 Run:
Running from C:\Users\Benedikt\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

AC3Filter 2.6.0b (Version: 2.6.0b)
Adobe AIR (Version: 3.5.0.600)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Cambridge Grammar of English
CameraHelperMsi (Version: 13.51.815.0)
Citavi (Version: 3.3.0.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.41)
erLT (Version: 1.20.138.34)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Kaspersky Anti-Virus 2013 (Version: 13.0.1.4190)
KODAK Share-Tastenanwendung (Version: 4.05.0000.0000)
Logitech Webcam-Software (Version: 2.51)
LogMeIn Hamachi (Version: 2.1.0.362)
LWS Facebook (Version: 13.50.854.0)
LWS Gallery (Version: 13.51.827.0)
LWS Help_main (Version: 13.51.828.0)
LWS Launcher (Version: 13.51.828.0)
LWS Motion Detection (Version: 13.51.815.0)
LWS Pictures And Video (Version: 13.51.815.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Webcam Software (Version: 13.51.815.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Mozilla Firefox 18.0.2 (x86 de) (Version: 18.0.2)
Mozilla Maintenance Service (Version: 18.0.2)
NVIDIA 3D Vision Controller-Treiber 314.22 (Version: 314.22)
NVIDIA 3D Vision Treiber 314.22 (Version: 314.22)
NVIDIA Grafiktreiber 314.22 (Version: 314.22)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1422)
NVIDIA Systemsteuerung 314.22 (Version: 314.22)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
PunkBuster Services (Version: 0.992)
Rising Storm Beta
Rising Storm/Red Orchestra 2 Multiplayer
Skype™ 6.3 (Version: 6.3.107)
Spotify (Version: 0.9.0.133.gd18ed589)
Steam (Version: 1.0.0.0)
System Shock 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
War of the Roses: Kingmaker
War Thunder Launcher 1.0.1.164
Wargame: AirLand Battle
Winamp (Version: 5.63 )
Winamp Erkennungs-Plug-in (Version: 1.0.0.1)
Windows-Treiberpaket - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
World of Tanks

==================== Restore Points  =========================

12-06-2013 23:40:03 Windows Update
16-06-2013 11:43:57 DirectX wurde installiert
18-06-2013 10:51:40 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {00C8E031-7145-4142-931B-37473E1EC10A} - System32\Tasks\WPD\SqmUpload_S-1-5-21-459463795-2216133518-3428011660-1001 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {3D29E1BD-7D91-4AD7-8FD1-9766DD45BE1B} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [2012-10-11] (Eastman Kodak Company)
Task: {58384151-70DC-4788-827D-139E3D92EAB9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {858D2C5C-8572-4590-842B-469077F8DE22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {DA9ED933-FA95-450F-BE76-B7EF66430841} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

Name: H:\
Description: USB SM Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: G:\
Description: USB CF Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: I:\
Description: USB MS Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: F:\
Description: USB SD Reader   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic 
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 02:45:13 PM) (Source: Application Hang) (User: )
Description: Programm gmer_2.1.19163.exe, Version 2.1.19163.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cbc

Startzeit: 01ce6db3efb8e8fb

Endzeit: 16

Anwendungspfad: C:\Users\Benedikt\Downloads\gmer_2.1.19163.exe

Berichts-ID: 37aea3fd-d9a7-11e2-b838-0015587603e4

Error: (06/20/2013 00:37:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 01:45:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 08:46:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 00:48:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2013 07:50:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2013 00:27:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2013 01:43:56 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {9984c96c-b464-409e-9d4e-7bbb4ec00627}

Error: (06/16/2013 00:53:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2013 01:33:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/20/2013 00:37:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/20/2013 00:37:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/20/2013 00:35:54 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
2070810drv

Error: (06/19/2013 01:45:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/19/2013 01:45:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/19/2013 01:43:36 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
2070810drv

Error: (06/18/2013 08:46:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/18/2013 08:46:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/18/2013 08:44:56 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
2070810drv

Error: (06/18/2013 00:48:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (06/20/2013 02:45:13 PM) (Source: Application Hang)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0cbc01ce6db3efb8e8fb16C:\Users\Benedikt\Downloads\gmer_2.1.19163.exe37aea3fd-d9a7-11e2-b838-0015587603e4

Error: (06/20/2013 00:37:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2013 01:45:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 08:46:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2013 00:48:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2013 07:50:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2013 00:27:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2013 01:43:56 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {9984c96c-b464-409e-9d4e-7bbb4ec00627}

Error: (06/16/2013 00:53:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2013 01:33:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-06-19 17:16:59.397
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 17:16:59.397
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 17:16:59.381
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 17:16:59.381
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 17:16:59.366
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 17:16:59.366
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 17:16:59.319
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 17:16:59.319
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 17:16:59.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-19 17:16:59.288
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3326.49 MB
Available physical RAM: 1827.89 MB
Total Pagefile: 6651.27 MB
Available Pagefile: 4937.4 MB
Total Virtual: 2499.88 MB
Available Virtual: 2355.63 MB

==================== Drives ================================

Drive c: (Aquado) (Fixed) (Total:232.88 GB) (Free:36.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 896E9190)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 20.06.2013, 18:10   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Avazutracking Virus - Standard

Avazutracking Virus



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.06.2013, 21:00   #5
Spade
 
Avazutracking Virus - Standard

Avazutracking Virus



So ich habe mal alles durchlaufen lassen
der AdwCleaner
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 20/06/2013 um 19:16:56 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Benedikt - PC-BENEDIKT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Benedikt\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\Benedikt\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Benedikt\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Benedikt\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [1032 octets] - [20/06/2013 19:16:56]
AdwCleaner[S1].txt - [4211 octets] - [30/07/2012 15:56:13]

########## EOF - C:\AdwCleaner[R2].txt - [1152 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by Benedikt on 20.06.2013 at 19:20:42,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{92FA829A-F713-49B9-9CA8-408037C9FEC4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Benedikt\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Benedikt\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Benedikt\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ask" 



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.06.2013 at 19:22:33,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=319d80cf85bd9b4bbd1126e6b203de74
# engine=14115
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-20 07:53:40
# local_time=2013-06-20 09:53:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 9582 123389211 0 0
# scanned=163384
# found=2
# cleaned=0
# scan_time=8675
sh=1CF2BFC9ABCC4DBC0EECFC8E7D886568A4FAD11B ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OCD trojan" ac=I fn="C:\Users\Benedikt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\65619ae7-157172cd"
sh=8AF55DC32DD64D199196C0440E7D6B3428A40CF8 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OCF trojan" ac=I fn="C:\Users\Benedikt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\ec770f0-3eb3750e"
         
Den Security Check kriege ich nicht richtig ausgeführt? Auch als Administrator ausgeführt bekomme ich diese Fehlermeldung
Code:
ATTFilter
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
Und hier ist noch der FRST Scan

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2013
Ran by Benedikt (administrator) on 20-06-2013 22:09:10
Running from C:\Users\Benedikt\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Windows\system32\PnkBstrA.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Eastman Kodak Company) C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\firefox.exe
(Mozilla Corporation) C:\Program Files\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2012-06-20] (Nullsoft, Inc.)
HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [356376 2012-11-16] (Kaspersky Lab ZAO)
HKLM\...\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKCU\...\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-10-11] (Eastman Kodak Company)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: J - J:\KODAK_Camera_Setup_App.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.retterspitz.de/willkommen
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\2sthi553.default-1370976688492\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2012-11-16] (Kaspersky Lab ZAO)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-04-08] ()
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

S1 2070810drv; C:\Windows\System32\DRIVERS\2070810drv.sys [489048 2012-10-31] (Kaspersky Lab)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2006-11-02] (Microsoft Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-10-31] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-10-31] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO)
U3 kxdyyaog; \??\C:\Users\Benedikt\AppData\Local\Temp\kxdyyaog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 22:02 - 2013-06-20 22:02 - 00890839 ____A C:\Users\Benedikt\Downloads\SecurityCheck.exe
2013-06-20 21:57 - 2013-06-20 21:57 - 00890839 ____A C:\Users\Benedikt\Desktop\SecurityCheck.exe
2013-06-20 21:56 - 2013-06-20 21:56 - 00000000 ____A C:\cookies.sqlite
2013-06-20 19:25 - 2013-06-20 19:25 - 02347384 ____A (ESET) C:\Users\Benedikt\Downloads\esetsmartinstaller_enu.exe
2013-06-20 19:20 - 2013-06-20 19:20 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 19:20 - 2013-06-20 19:20 - 00000000 ____D C:\JRT
2013-06-20 19:18 - 2013-06-20 19:19 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Benedikt\Desktop\JRT.exe
2013-06-20 19:16 - 2013-06-20 19:17 - 00001221 ____A C:\AdwCleaner[R2].txt
2013-06-20 19:13 - 2013-06-20 19:13 - 00648201 ____A C:\Users\Benedikt\Desktop\adwcleaner.exe
2013-06-20 16:30 - 2013-06-20 16:30 - 00025718 ____A C:\Users\Benedikt\Downloads\FRST.txt
2013-06-20 16:29 - 2013-06-20 16:30 - 00020620 ____A C:\Users\Benedikt\Downloads\Addition.txt
2013-06-20 16:28 - 2013-06-20 16:28 - 00000000 ____D C:\FRST
2013-06-20 16:27 - 2013-06-20 16:28 - 01368263 ____A (Farbar) C:\Users\Benedikt\Desktop\FRST.exe
2013-06-20 14:41 - 2013-06-20 14:41 - 00377856 ____A C:\Users\Benedikt\Desktop\gmer_2.1.19163.exe
2013-06-20 14:40 - 2013-06-20 14:40 - 00069112 ____A C:\Users\Benedikt\Downloads\Extras.Txt
2013-06-20 14:39 - 2013-06-20 14:40 - 00065940 ____A C:\Users\Benedikt\Downloads\OTL.Txt
2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____A C:\Users\Benedikt\defogger_reenable
2013-06-20 14:26 - 2013-06-20 14:26 - 00602112 ____A (OldTimer Tools) C:\Users\Benedikt\Desktop\OTL.exe
2013-06-20 14:26 - 2013-06-20 14:26 - 00050477 ____A C:\Users\Benedikt\Desktop\Defogger.exe
2013-06-16 13:45 - 2013-06-16 13:45 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Fatshark
2013-06-13 01:43 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 01:43 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 01:43 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 01:43 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-13 01:43 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 01:43 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 01:40 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 01:40 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 01:40 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 01:40 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 22:26 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 22:26 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 22:26 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 22:26 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 22:26 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 22:26 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 22:26 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 22:26 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 22:26 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 22:26 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 22:26 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 22:26 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-23 02:38 - 2013-05-23 02:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-23 02:38 - 2013-05-23 02:38 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-23 02:38 - 2013-05-23 02:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-23 02:38 - 2013-05-23 02:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-23 02:36 - 2013-05-23 02:41 - 00009721 ____A C:\Windows\IE10_main.log
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-05-22 17:32 - 2009-03-18 18:35 - 00026176 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys

==================== One Month Modified Files and Folders ========

2013-06-20 22:02 - 2013-06-20 22:02 - 00890839 ____A C:\Users\Benedikt\Downloads\SecurityCheck.exe
2013-06-20 21:59 - 2012-10-30 23:17 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 21:57 - 2013-06-20 21:57 - 00890839 ____A C:\Users\Benedikt\Desktop\SecurityCheck.exe
2013-06-20 21:57 - 2012-10-30 22:38 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Skype
2013-06-20 21:56 - 2013-06-20 21:56 - 00000000 ____A C:\cookies.sqlite
2013-06-20 21:56 - 2012-10-30 23:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-20 20:48 - 2012-10-30 22:11 - 01738794 ____A C:\Windows\WindowsUpdate.log
2013-06-20 19:25 - 2013-06-20 19:25 - 02347384 ____A (ESET) C:\Users\Benedikt\Downloads\esetsmartinstaller_enu.exe
2013-06-20 19:20 - 2013-06-20 19:20 - 00000000 ____D C:\Windows\ERUNT
2013-06-20 19:20 - 2013-06-20 19:20 - 00000000 ____D C:\JRT
2013-06-20 19:19 - 2013-06-20 19:18 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Benedikt\Desktop\JRT.exe
2013-06-20 19:17 - 2013-06-20 19:16 - 00001221 ____A C:\AdwCleaner[R2].txt
2013-06-20 19:15 - 2012-10-31 00:09 - 00000000 ____D C:\Program Files\Steam
2013-06-20 19:13 - 2013-06-20 19:13 - 00648201 ____A C:\Users\Benedikt\Desktop\adwcleaner.exe
2013-06-20 16:33 - 2009-07-14 06:34 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 16:33 - 2009-07-14 06:34 - 00025680 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 16:30 - 2013-06-20 16:30 - 00025718 ____A C:\Users\Benedikt\Downloads\FRST.txt
2013-06-20 16:30 - 2013-06-20 16:29 - 00020620 ____A C:\Users\Benedikt\Downloads\Addition.txt
2013-06-20 16:28 - 2013-06-20 16:28 - 00000000 ____D C:\FRST
2013-06-20 16:28 - 2013-06-20 16:27 - 01368263 ____A (Farbar) C:\Users\Benedikt\Desktop\FRST.exe
2013-06-20 14:41 - 2013-06-20 14:41 - 00377856 ____A C:\Users\Benedikt\Desktop\gmer_2.1.19163.exe
2013-06-20 14:40 - 2013-06-20 14:40 - 00069112 ____A C:\Users\Benedikt\Downloads\Extras.Txt
2013-06-20 14:40 - 2013-06-20 14:39 - 00065940 ____A C:\Users\Benedikt\Downloads\OTL.Txt
2013-06-20 14:29 - 2013-06-20 14:29 - 00000000 ____A C:\Users\Benedikt\defogger_reenable
2013-06-20 14:29 - 2012-10-30 22:22 - 00000000 ____D C:\users\Benedikt
2013-06-20 14:26 - 2013-06-20 14:26 - 00602112 ____A (OldTimer Tools) C:\Users\Benedikt\Desktop\OTL.exe
2013-06-20 14:26 - 2013-06-20 14:26 - 00050477 ____A C:\Users\Benedikt\Desktop\Defogger.exe
2013-06-20 14:17 - 2013-05-13 23:17 - 00000000 ____D C:\Users\Benedikt\AppData\Local\LogMeIn Hamachi
2013-06-20 12:35 - 2012-11-18 04:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-20 12:35 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 12:35 - 2009-07-14 06:39 - 00136026 ____A C:\Windows\setupact.log
2013-06-19 16:03 - 2012-10-31 00:44 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Winamp
2013-06-19 14:01 - 2012-06-08 12:38 - 00044000 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys
2013-06-16 13:45 - 2013-06-16 13:45 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Fatshark
2013-06-14 21:50 - 2013-03-04 17:57 - 00000000 ____D C:\Program Files\War Thunder
2013-06-14 02:00 - 2010-11-20 23:01 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-13 19:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 12:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 01:41 - 2012-12-23 13:57 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 19:59 - 2012-10-30 23:17 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 19:59 - 2012-10-30 23:17 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 15:31 - 2012-10-30 22:44 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-08 13:42 - 2013-06-13 01:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-13 01:43 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-13 01:43 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-13 01:43 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-13 01:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-13 01:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 23:49 - 2013-04-08 21:45 - 00280792 ____A C:\Windows\System32\PnkBstrB.xtr
2013-06-07 23:49 - 2013-04-08 21:43 - 00139112 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2013-06-07 23:49 - 2013-04-08 21:42 - 00280792 ____A C:\Windows\System32\PnkBstrB.exe
2013-06-07 23:47 - 2013-04-08 21:42 - 00280856 ____A C:\Windows\System32\PnkBstrB.ex0
2013-06-07 12:45 - 2009-07-14 06:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-05 21:49 - 2013-03-23 15:29 - 00000000 ____D C:\Users\Benedikt\AppData\Local\Spotify
2013-06-05 21:35 - 2013-03-23 15:28 - 00000000 ____D C:\Users\Benedikt\AppData\Roaming\Spotify
2013-05-27 23:14 - 2013-03-04 17:57 - 00000000 ____D C:\Users\Benedikt\Documents\My Games
2013-05-27 13:55 - 2012-11-29 21:36 - 00000000 ____D C:\ProgramData\Skype
2013-05-23 02:41 - 2013-05-23 02:36 - 00009721 ____A C:\Windows\IE10_main.log
2013-05-23 02:38 - 2013-05-23 02:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-23 02:38 - 2013-05-23 02:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-23 02:38 - 2013-05-23 02:38 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-23 02:38 - 2013-05-23 02:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-23 02:38 - 2013-05-23 02:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-23 02:38 - 2013-05-23 02:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-23 02:38 - 2013-05-23 02:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-22 17:32 - 2013-05-22 17:32 - 00000000 ____D C:\Program Files\LogMeIn Hamachi

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 19:00

==================== End Of Log ============================
         
--- --- ---


Geändert von Spade (20.06.2013 um 21:12 Uhr)

Alt 21.06.2013, 09:06   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Avazutracking Virus - Standard

Avazutracking Virus



Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.


Noch Probleme?
__________________
--> Avazutracking Virus

Alt 21.06.2013, 19:47   #7
Spade
 
Avazutracking Virus - Standard

Avazutracking Virus



Servus Schrauber,
Hab das jetzt durchlaufen lassen sieht nicht so aus als wäre da noch etwas. Gibt es eine Möglichkeit das zu überprüfen? Nocheinmal den ESET scanner laufen lassen?

Alt 21.06.2013, 20:01   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Avazutracking Virus - Standard

Avazutracking Virus



Nee brauchst nit, alles gut

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 22.06.2013, 12:06   #9
Spade
 
Avazutracking Virus - Standard

Avazutracking Virus



Ok vielen Dank für die Hilfe sieht so aus als hätte sich alles erledigt

Alt 22.06.2013, 13:22   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Avazutracking Virus - Standard

Avazutracking Virus



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Avazutracking Virus
adobe reader xi, bho, browser, desktop, error, festplatte, firefox, flash player, format, home, install.exe, kaspersky, logfile, mozilla, nicht möglich, object, problem, programm, registry, rundll, scan, security, senden, software, storm, svchost.exe, tastatur, virus, wargame, windows



Ähnliche Themen: Avazutracking Virus


  1. Tablet Aus Nexus 7 avazutracking.net Google chrome Problem
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (1)
  2. Avazutracking
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (17)
  3. Seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 08.12.2013 (11)
  4. Seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (12)
  5. Seth.avazutracking.net - Problem
    Log-Analyse und Auswertung - 14.10.2013 (7)
  6. seth.avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 10.10.2013 (9)
  7. Avazutracking entfernen?
    Plagegeister aller Art und deren Bekämpfung - 06.09.2013 (17)
  8. seth.avazutracking.net Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (9)
  9. Seth Avazutracking.net
    Log-Analyse und Auswertung - 02.08.2013 (13)
  10. Unsicher ob wirklich Virus eingefangen- avazutracking !
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (13)
  11. Seth.avazutracking.net
    Log-Analyse und Auswertung - 25.06.2013 (4)
  12. Unsicher ob wirklich Virus eingefangen- avazutracking
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (15)
  13. http://seth.avazutracking.net/tracking/redirect/
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (1)
  14. Seth. avazutracking.net
    Log-Analyse und Auswertung - 12.04.2013 (20)
  15. Seth Avazutracking.net und ad.yieldmanager.com entfernen?
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (26)
  16. Avazutracking virus
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (29)
  17. Seth. avazutracking.net
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (36)

Zum Thema Avazutracking Virus - Hallo Scheinbar habe ich mir den avazutracking virus eingefangen. In unregelmäßigen abständen öffnet sich in meinem Browser ein Tab das mich auf irgendeine Seite weiterleiten will. Könnt ihr mir helfen - Avazutracking Virus...
Archiv
Du betrachtest: Avazutracking Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.