Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mystar incredybar löschen (https://www.trojaner-board.de/127747-mystar-incredybar-loeschen.html)

Nirobe 05.12.2012 21:49
Logdatei CombiFix:Combofix Logfile:
Code:
ComboFix 12-12-04.01 - Jan 05.12.2012  21:01:03.3.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.2873 [GMT 1:00]
ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Jan\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_2b873024ebb78030\shsvcs.dll --> c:\windows\system32\shsvcs.dll
.
(((((((((((((((((((((((  Dateien erstellt von 2012-11-05 bis 2012-12-05  ))))))))))))))))))))))))))))))
.
.
2012-12-05 20:08 . 2012-12-05 20:17        --------        d-----w-        c:\users\Jan\AppData\Local\temp
2012-12-05 20:08 . 2012-12-05 20:08        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-12-05 20:08 . 2012-12-05 20:08        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-12-05 15:43 . 2012-12-05 15:43        --------        d-----w-        c:\program files (x86)\avmwlanstick
2012-12-05 15:35 . 2009-03-20 00:03        480560        ------w-        c:\windows\instwcli.dex
2012-12-04 21:39 . 2012-12-04 21:39        --------        d-----w-        c:\users\Jan\AppData\Local\APN
2012-12-04 21:39 . 2012-12-04 22:27        --------        d-----w-        c:\programdata\Avira
2012-12-04 21:26 . 2012-12-04 21:26        --------        d-----w-        c:\windows\ERUNT
2012-12-04 21:26 . 2012-12-04 21:26        --------        d-----w-        C:\JRT
2012-12-04 18:54 . 2012-12-04 18:54        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-12-04 18:54 . 2012-12-04 18:54        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-04 18:53 . 2012-12-04 18:53        --------        d-----w-        c:\program files (x86)\Java
2012-12-04 17:30 . 2012-11-08 17:24        9125352        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C421986F-EC7C-49D3-AAFA-22A2613930B8}\mpengine.dll
2012-12-03 20:42 . 2012-12-03 20:42        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-03 20:42 . 2012-12-03 20:42        --------        d-----w-        c:\program files (x86)\DVDVideoSoft
2012-12-02 13:31 . 2012-12-02 14:39        --------        d-----w-        c:\program files (x86)\Google
2012-12-02 09:01 . 2012-12-02 09:01        --------        d-----w-        c:\users\Jan\AppData\Roaming\Malwarebytes
2012-12-02 09:01 . 2012-12-02 09:01        --------        d-----w-        c:\programdata\Malwarebytes
2012-12-02 09:01 . 2012-12-02 09:01        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-02 09:01 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-12-02 02:53 . 2012-12-02 02:53        --------        d-----w-        c:\users\Jan\AppData\Roaming\TuneUp Software
2012-12-02 02:53 . 2012-12-02 02:53        --------        d-----w-        c:\programdata\TuneUp Software
2012-12-02 02:53 . 2012-12-02 02:53        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-02 02:53 . 2012-12-02 02:53        --------        d--h--w-        c:\programdata\Common Files
2012-12-02 02:52 . 2012-12-02 02:52        --------        d-----w-        c:\windows\SysWow64\searchplugins
2012-12-02 02:52 . 2012-12-02 02:52        --------        d-----w-        c:\windows\SysWow64\Extensions
2012-12-02 02:52 . 2012-12-02 02:52        --------        d-----w-        c:\program files\CodeGazer
2012-12-02 02:08 . 2012-12-02 02:17        --------        d-----w-        c:\users\Jan\AppData\Roaming\EvJOWallpaper
2012-12-02 02:08 . 2012-12-02 02:08        --------        d-----w-        c:\program files (x86)\EvJOSoft
2012-12-02 02:04 . 2012-12-02 02:04        --------        d-----w-        c:\windows\Downloaded Installations
2012-12-02 01:58 . 2012-12-02 01:58        2560        ----a-w-        c:\windows\_MSRSTRT.EXE
2012-12-01 23:20 . 2003-05-14 20:07        389120        ------w-        c:\windows\SysWow64\actskn43.ocx
2012-12-01 23:19 . 2012-12-02 01:58        --------        d-----w-        c:\program files (x86)\Wallpaper Juggler
2012-12-01 23:19 . 2001-03-13 13:49        140288        ----a-w-        c:\windows\SysWow64\COMDLG32.OCX
2012-12-01 23:19 . 1998-04-23 23:00        368912        ----a-w-        c:\windows\SysWow64\vbar332.dll
2012-11-28 19:04 . 2012-11-28 19:04        --------        d-----w-        c:\users\Jan\AppData\Local\fontconfig
2012-11-28 19:04 . 2012-12-02 21:47        --------        d-----w-        c:\users\Jan\.gimp-2.8
2012-11-28 19:04 . 2012-11-28 19:04        --------        d-----w-        c:\users\Jan\AppData\Local\gegl-0.2
2012-11-26 20:27 . 2012-11-26 20:27        --------        d-----w-        c:\programdata\AVS4YOU
2012-11-26 20:27 . 2012-11-26 20:27        --------        d-----w-        c:\users\Jan\AppData\Roaming\AVS4YOU
2012-11-26 20:26 . 2012-11-26 20:29        --------        d-----w-        c:\program files (x86)\Common Files\AVSMedia
2012-11-26 20:26 . 2010-07-08 11:25        1700352        ----a-w-        c:\windows\SysWow64\GdiPlus.dll
2012-11-26 20:26 . 2010-07-08 11:25        24576        ----a-w-        c:\windows\SysWow64\msxml3a.dll
2012-11-26 20:26 . 2012-11-26 20:29        --------        d-----w-        c:\program files (x86)\AVS4YOU
2012-11-16 14:26 . 2012-09-25 16:31        91648        ----a-w-        c:\windows\system32\synceng.dll
2012-11-16 14:26 . 2012-09-25 16:19        75776        ----a-w-        c:\windows\SysWow64\synceng.dll
2012-11-16 14:23 . 2012-10-12 14:53        2769920        ----a-w-        c:\windows\system32\win32k.sys
2012-11-09 13:59 . 2012-11-09 13:59        --------        d-----w-        c:\programdata\Tages
2012-11-07 16:22 . 2012-12-02 08:41        --------        d-----w-        c:\users\Jan\AppData\Roaming\FileZilla
2012-11-07 16:22 . 2012-11-17 16:46        --------        d-----w-        c:\program files (x86)\FileZilla FTP Client
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 18:53 . 2012-05-12 15:40        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-12-04 18:53 . 2012-05-12 15:40        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-12-02 02:53 . 2012-05-17 13:21        688640        ----a-w-        c:\windows\system32\themeui.dll
2012-12-02 02:53 . 2008-01-21 02:50        317440        ----a-w-        c:\windows\system32\uxtheme.dll
2012-11-16 20:30 . 2006-11-02 12:35        66395536        ----a-w-        c:\windows\system32\mrt.exe
2012-10-10 19:23 . 2012-10-10 19:23        1867112        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23        18252136        ----a-w-        c:\windows\system32\nvd3dumx.dll
2012-10-10 19:23 . 2012-10-10 19:23        1482600        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2012-10-10 19:23 . 2012-10-10 19:23        6127464        ----a-w-        c:\windows\SysWow64\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23        2574696        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2012-10-10 19:23 . 2012-10-10 19:23        25256296        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-10-10 19:23 . 2012-10-10 19:23        7414632        ----a-w-        c:\windows\system32\nvopencl.dll
2012-10-10 19:23 . 2012-10-10 19:23        2731880        ----a-w-        c:\windows\system32\nvapi64.dll
2012-10-10 19:23 . 2012-10-10 19:23        14922600        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-10-10 19:23 . 2012-10-10 19:23        9146728        ----a-w-        c:\windows\system32\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23        7697768        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2012-10-10 19:23 . 2012-10-10 19:23        2218344        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-10-10 19:23 . 2012-10-10 19:23        12501352        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 19:22 . 2012-10-10 19:22        2428776        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-10-10 19:22 . 2012-10-10 19:22        26331496        ----a-w-        c:\windows\system32\nvoglv64.dll
2012-10-10 19:22 . 2012-02-09 20:43        1760104        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-10-10 19:22 . 2012-02-09 20:43        15309160        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-10-10 19:22 . 2012-10-10 19:22        2747240        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-10-10 19:22 . 2012-10-10 19:22        19906920        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2012-10-10 19:22 . 2012-10-10 19:22        13443944        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 19:22 . 2012-10-10 19:22        17559912        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2012-10-09 15:14 . 2012-10-09 15:14        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-08 17:52 . 2012-10-08 17:52        314016        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2012-10-08 17:52 . 2012-10-08 17:52        43680        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2012-10-02 19:51 . 2012-10-18 12:52        3293544        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-10-18 12:52        6200680        ----a-w-        c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-10-18 12:52        891240        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-10-18 12:52        63336        ----a-w-        c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-10-18 12:52        2557800        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-10-18 12:52        118120        ----a-w-        c:\windows\system32\nvmctray.dll
2012-10-02 11:15 . 2012-10-02 11:15        430952        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2012-09-28 01:10 . 2012-09-28 01:10        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-09-28 01:10 . 2012-09-28 01:10        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-09-28 01:10 . 2012-09-28 01:10        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-28 01:10 . 2012-09-28 01:10        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-28 01:10 . 2012-09-28 01:10        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-09-28 01:10 . 2012-09-28 01:10        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-09-28 01:10 . 2012-09-28 01:10        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-09-28 01:10 . 2012-09-28 01:10        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-09-28 01:10 . 2012-09-28 01:10        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-09-28 01:10 . 2012-09-28 01:10        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-09-28 01:10 . 2012-09-28 01:10        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-09-28 01:10 . 2012-09-28 01:10        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-09-28 01:10 . 2012-09-28 01:10        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-09-28 01:10 . 2012-09-28 01:10        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-09-28 01:10 . 2012-09-28 01:10        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-09-28 01:10 . 2012-09-28 01:10        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-09-28 01:10 . 2012-09-28 01:10        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-09-28 01:10 . 2012-09-28 01:10        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll
2012-09-28 01:10 . 2012-09-28 01:10        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-09-28 01:10 . 2012-09-28 01:10        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-09-28 01:10 . 2012-09-28 01:10        267776        ----a-w-        c:\windows\system32\ieaksie.dll
2012-09-28 01:10 . 2012-09-28 01:10        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-09-28 01:10 . 2012-09-28 01:10        197120        ----a-w-        c:\windows\system32\msrating.dll
2012-09-28 01:10 . 2012-09-28 01:10        163840        ----a-w-        c:\windows\system32\ieakui.dll
2012-09-28 01:10 . 2012-09-28 01:10        160256        ----a-w-        c:\windows\system32\ieakeng.dll
2012-09-28 01:10 . 2012-09-28 01:10        145920        ----a-w-        c:\windows\system32\iepeers.dll
2012-09-28 01:10 . 2012-09-28 01:10        136192        ----a-w-        c:\windows\system32\advpack.dll
2012-09-28 01:10 . 2012-09-28 01:10        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-09-28 01:10 . 2012-09-28 01:10        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-09-28 01:10 . 2012-09-28 01:10        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-09-28 01:10 . 2012-09-28 01:10        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-09-28 01:10 . 2012-09-28 01:10        10752        ----a-w-        c:\windows\system32\msfeedssync.exe
2012-09-28 01:10 . 2012-09-28 01:10        89088        ----a-w-        c:\windows\system32\ie4uinit.exe
2012-09-28 01:10 . 2012-09-28 01:10        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-09-28 01:10 . 2012-09-28 01:10        82432        ----a-w-        c:\windows\system32\icardie.dll
2012-09-28 01:10 . 2012-09-28 01:10        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-09-28 01:10 . 2012-09-28 01:10        534528        ----a-w-        c:\windows\system32\ieapfltr.dll
2012-09-28 01:10 . 2012-09-28 01:10        452608        ----a-w-        c:\windows\system32\dxtmsft.dll
2012-09-28 01:10 . 2012-09-28 01:10        448512        ----a-w-        c:\windows\system32\html.iec
2012-09-28 01:10 . 2012-09-28 01:10        403248        ----a-w-        c:\windows\system32\iedkcs32.dll
2012-09-28 01:10 . 2012-09-28 01:10        39936        ----a-w-        c:\windows\system32\iernonce.dll
2012-09-28 01:10 . 2012-09-28 01:10        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat
2012-09-28 01:10 . 2012-09-28 01:10        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-09-28 01:10 . 2012-09-28 01:10        282112        ----a-w-        c:\windows\system32\dxtrans.dll
2012-09-28 01:10 . 2012-09-28 01:10        249344        ----a-w-        c:\windows\system32\webcheck.dll
2012-09-28 01:10 . 2012-09-28 01:10        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-09-28 01:10 . 2012-09-28 01:10        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-09-28 01:10 . 2012-09-28 01:10        103936        ----a-w-        c:\windows\system32\inseng.dll
2012-09-28 01:10 . 2012-09-28 01:10        65024        ----a-w-        c:\windows\system32\pngfilt.dll
2012-09-28 01:10 . 2012-09-28 01:10        149504        ----a-w-        c:\windows\system32\occache.dll
2012-09-26 18:57 . 2012-10-07 09:24        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll
2012-09-26 18:57 . 2012-09-26 18:57        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2012-09-26 18:57 . 2012-09-26 18:57        330240        ----a-w-        c:\windows\MASetupCaller.dll
2012-09-26 18:57 . 2012-09-26 18:57        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2012-09-26 18:57 . 2012-10-07 09:23        319456        ----a-w-        c:\windows\SysWow64\DIFxAPI.dll
2012-09-26 18:57 . 2012-09-26 18:57        974848        ----a-w-        c:\windows\SysWow64\cis-2.4.dll
2012-09-26 18:57 . 2012-09-26 18:57        81920        ----a-w-        c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-09-26 18:57 . 2012-09-26 18:57        65536        ----a-w-        c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-09-26 18:57 . 2012-09-26 18:57        57344        ----a-w-        c:\windows\SysWow64\MTXSYNCICON.dll
2012-09-26 18:57 . 2012-09-26 18:57        57344        ----a-w-        c:\windows\SysWow64\MK_Lyric.dll
2012-09-26 18:57 . 2012-09-26 18:57        57344        ----a-w-        c:\windows\SysWow64\issacapi_se-2.3.dll
2012-09-26 18:57 . 2012-09-26 18:57        569344        ----a-w-        c:\windows\SysWow64\muzdecode.ax
2012-09-26 18:57 . 2012-09-26 18:57        491520        ----a-w-        c:\windows\SysWow64\muzapp.dll
2012-09-26 18:57 . 2012-09-26 18:57        49152        ----a-w-        c:\windows\SysWow64\MaJGUILib.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Akamai NetSession Interface"="c:\users\Jan\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-04-23 1904640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:38]
.
2012-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-870192084-3636044139-2260596-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,5b,27,40,9b,f1,90,b3,fd,37,90,8d,e4,66,29,ee,35,44,05,5e,32,
  49,e2,cc,61,68,84,d5,44,11,1d,3e,37,f6,6d,bb,f8,34,66,c1,5e,b4,42,06,7e,a3,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-05  21:20:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-05 20:20
ComboFix2.txt  2012-12-05 19:27
ComboFix3.txt  2012-12-04 22:12
.
Vor Suchlauf: 14 Verzeichnis(se), 314.587.115.520 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 314.422.857.728 Bytes frei
.
- - End Of File - - 0F4595E55AA982A81BADA0C4EFEBF302
--- --- ---



Wegen dem Internet es geht immer noch nicht da steht"Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden" hab leider keine Ahnung was das bedeutet vielleicht kannst du damit ja was anfangen.

M-K-D-B 06.12.2012 19:14
Servus,


Führe den folgenden OTL-Fix aus und berichte, ob du nun wieder Internetzugriff hast.



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:files
netsh winsock reset /C

:Commands
[reboot]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Nirobe 06.12.2012 19:56
Was meinst du mit unkenntlich gemachten stellen??

M-K-D-B 06.12.2012 20:27
Servus,


damit meine ich Benutzernamen, an die gerne mal durch ***** ersetzt werden.


Das betrifft dich aber nicht. ;)

Nirobe 06.12.2012 20:39
========== FILES ==========
< netsh winsock reset /C >
Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12062012_202959

M-K-D-B 06.12.2012 20:40
Servus,



wie sieht es mit dem Internet aus?

Nirobe 06.12.2012 20:40
Das Internet geht immer noch nicht allerdings Steam klappt im offline Modus wieder

hast du irdentwie ein Chat wo wir schreiben können? Hab grade den Laptop von meinem Bruder da.

M-K-D-B 06.12.2012 20:51
Servus,





Schritt 1
Drücke Start.
Gib in den Suchleiste CMD ein.
Bei den Ergebnissen rechtsklick auf die cmd.exe -> Als Administrator starten
Gib im Fenster folgendes ein: netsh winsock reset
Bestätige mit Enter.
Starte deinen Rechner im Abschluss neu auf.





Schritt 2
Downloade dir bitte Farbar's Service Scanner auf deinen Desktop.
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.





Bitte poste mit deiner nächsten Antwort
  • eine Rückmeldung, ob du wieder ins Internet kommst,
  • die Logdatei von FSS.

Nirobe 06.12.2012 21:29
JUHUUU Internet geht Wieder ;D Dafür Schonmal VIEELEN Danke

Hier die Datei:


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-09-25 15:42] - [2012-01-03 15:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-25 15:45] - [2012-03-30 13:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2012-05-13 11:38] - [2011-03-02 17:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2012-05-17 14:21] - [2009-04-11 08:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2012-05-17 14:22] - [2009-04-11 08:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2012-05-17 14:21] - [2009-04-11 08:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 21:26] - [2012-06-02 01:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****



P.s. Die Mystart Incredibar ist auch weg ;D

Noch eine frage Wie kann ich (bei Vista ) Die Fensterfarbe und Darstellung "Editieren" bzw neue hinzufügen da der alte Vista style nicht mehr geht nun muss ich mit dem Standard Windows aussehen klar kommen was mir aber auf dauer so nicht gefällt kann ich da irgend was machen das das wieder geht?

M-K-D-B 07.12.2012 17:45
Servus,



Zitat:
Zitat von Nirobe (Beitrag 969339)
JUHUUU Internet geht Wieder ;D Dafür Schonmal VIEELEN Danke


P.s. Die Mystart Incredibar ist auch weg ;D
Sehr gut! :daumenhoc



Zitat:
Zitat von Nirobe (Beitrag 969339)
Noch eine frage Wie kann ich (bei Vista ) Die Fensterfarbe und Darstellung "Editieren" bzw neue hinzufügen da der alte Vista style nicht mehr geht nun muss ich mit dem Standard Windows aussehen klar kommen was mir aber auf dauer so nicht gefällt kann ich da irgend was machen das das wieder geht?
Rechtsklick auf den Desktop > Anpassen
Dort solltest du diverse Einstellungen zur Darstellung finden. :)

Es gibt noch was zu tun, also halten wir uns ran. ;)





Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"Start"=dword:00000002

:Commands
[reboot]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Schritt 2
  • Starte das Tool FSS mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Windows Defender
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.





Schritt 3
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des OTL-Fix,
  • die Logdatei von FSS,
  • die beiden Logdateien von OTL.

Nirobe 07.12.2012 18:29
Schritt 1:
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\\"Start"|dword:00000002 /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12072012_182301

Schritt2:
Farbar Service Scanner Version: 04-12-2012
Ran by Jan (administrator) on 07-12-2012 at 18:37:17
Running from "C:\Users\Jan\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************



Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-05-17 14:22] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

Nirobe 07.12.2012 18:49
Schritt 3:
OTL Datei:OTL Logfile:
Code:
OTL logfile created on: 07.12.2012 18:38:16 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,17% Memory free
8,21 Gb Paging File | 6,60 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,82 Gb Total Space | 291,49 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
PRC - [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.11.19 15:38:29 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.19 15:37:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.16 16:02:52 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2012.02.28 16:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 04:43:17 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
MOD - [2012.11.28 04:43:15 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012.11.28 04:42:30 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012.11.28 04:42:29 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012.11.28 04:42:22 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012.11.28 04:42:21 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012.11.28 04:42:21 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012.11.16 22:34:43 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll
MOD - [2012.11.16 22:17:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012.11.16 21:44:07 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012.11.16 21:43:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012.11.16 21:43:45 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012.11.16 21:38:25 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012.11.16 21:38:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012.11.16 21:38:18 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012.11.16 21:38:16 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012.11.16 21:38:11 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012.11.10 20:57:08 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.12.07 18:09:36 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.11.19 15:38:29 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.19 15:37:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.16 16:03:43 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.11.12 19:44:43 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.10 20:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.08.15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 16:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer)
SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.16 20:17:15 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.16 20:17:15 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.09 16:14:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.10.08 18:52:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.10.08 18:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.08.15 14:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vmci.sys -- (vmci)
DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.03.20 01:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.10.03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=b1bc278b-ece7-4b10-9fc2-92b816bef6e7&apn_sauid=2A277287-BD34-477E-9E77-80F55EA59D10
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.25 01:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.25 01:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2012.08.23 21:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: https://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\
CHR - Extension: The Matrix = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldmnkfegbdiloemiolicnddbokfdcfl\1.3_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.12.05 21:17:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976F410C-DC31-4B36-BE01-9D4DC3D49C2C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.06 23:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.06 23:18:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.06 23:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.06 21:17:44 | 000,696,153 | ---- | C] (Farbar) -- C:\Users\Jan\Desktop\FSS.exe
[2012.12.06 20:29:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.05 23:03:40 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Avira
[2012.12.05 23:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.05 22:59:38 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.05 22:59:38 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.05 22:59:38 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.05 22:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.05 21:20:04 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\temp
[2012.12.05 21:17:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.12.05 20:55:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.05 19:49:08 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Jan\Desktop\ComboFix.exe
[2012.12.05 16:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2012.12.05 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
[2012.12.05 16:35:14 | 000,480,560 | ---- | C] (AVM Berlin) -- C:\Windows\instwcli.dex
[2012.12.04 22:45:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.04 22:45:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.04 22:45:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.04 22:44:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.04 22:44:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.04 22:39:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\APN
[2012.12.04 22:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.04 22:26:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.12.04 22:26:07 | 000,000,000 | ---D | C] -- C:\JRT
[2012.12.04 22:22:20 | 000,907,917 | ---- | C] (Chilkat Software, Inc.) -- C:\Users\Jan\Desktop\JRT.exe
[2012.12.04 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.04 19:54:23 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.04 19:54:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.04 19:54:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.04 19:54:13 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.04 19:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.03 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.03 21:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.12.03 20:25:00 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe
[2012.12.03 17:34:55 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jan\Desktop\aswMBR.exe
[2012.12.03 16:55:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2012.12.02 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData
[2012.12.02 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.02 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.12.02 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes
[2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.02 03:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TuneUp Software
[2012.12.02 03:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.02 03:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.02 03:53:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer
[2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2012.12.02 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\EvJOWallpaper
[2012.12.02 03:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EvJOSoft
[2012.12.02 03:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.12.02 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2012.12.02 00:19:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2012.12.02 00:19:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012.12.02 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Juggler
[2012.12.01 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.11.28 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\fontconfig
[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\gegl-0.2
[2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\.gimp-2.8
[2012.11.26 21:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.11.26 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU
[2012.11.26 21:26:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2012.11.26 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.11.26 21:26:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.11.26 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.11.18 20:55:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Bewerbung
[2012.11.16 21:29:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 21:29:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 21:29:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 21:29:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 21:29:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 21:29:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 21:29:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 21:29:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 21:29:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 21:29:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 21:29:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 21:29:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 21:29:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 21:29:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 21:29:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 15:26:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 15:26:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.10 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\grafiken
[2012.11.09 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.07 18:31:53 | 000,631,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.07 18:31:53 | 000,598,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.07 18:31:53 | 000,105,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.07 18:31:52 | 001,453,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.07 18:31:52 | 000,127,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.07 18:24:29 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.07 18:24:19 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.07 18:24:19 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.07 18:24:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.07 17:43:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.06 21:17:56 | 000,696,153 | ---- | M] (Farbar) -- C:\Users\Jan\Desktop\FSS.exe
[2012.12.05 21:17:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.05 19:46:10 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Jan\Desktop\ComboFix.exe
[2012.12.05 19:20:28 | 000,091,542 | ---- | M] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf
[2012.12.04 22:23:39 | 000,907,917 | ---- | M] (Chilkat Software, Inc.) -- C:\Users\Jan\Desktop\JRT.exe
[2012.12.04 22:01:40 | 000,540,743 | ---- | M] () -- C:\Users\Jan\Desktop\adwcleaner.exe
[2012.12.04 19:54:01 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.04 19:53:59 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.04 19:53:59 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.04 19:53:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.04 19:53:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.04 19:53:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.03 20:25:06 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe
[2012.12.03 20:22:58 | 000,000,512 | ---- | M] () -- C:\Users\Jan\Desktop\MBR.dat
[2012.12.03 17:35:37 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jan\Desktop\aswMBR.exe
[2012.12.03 17:25:36 | 000,000,168 | ---- | M] () -- C:\Users\Jan\defogger_reenable
[2012.12.03 17:25:18 | 000,050,477 | ---- | M] () -- C:\Users\Jan\Desktop\Defogger.exe
[2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2012.12.02 03:53:10 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2012.12.02 03:53:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2012.12.02 02:58:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012.12.02 00:26:31 | 000,054,906 | ---- | M] () -- C:\Users\Jan\AppData\Local\recently-used.xbel
[2012.11.27 22:25:41 | 000,279,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.27 21:48:29 | 000,534,297 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf
[2012.11.27 21:46:21 | 000,489,607 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf
[2012.11.27 21:45:05 | 000,585,329 | ---- | M] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf
[2012.11.27 21:42:59 | 000,018,220 | ---- | M] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf
[2012.11.27 21:41:57 | 000,005,777 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf
[2012.11.27 21:41:47 | 000,005,778 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf
[2012.11.24 21:12:22 | 000,000,432 | -HS- | M] () -- C:\Users\Jan\Desktop\desktop (2).ini
[2012.11.16 20:17:15 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.16 20:17:15 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.11.13 17:50:05 | 000,034,816 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.05 21:36:55 | 000,013,099 | R--- | C] () -- C:\Windows\instwcli.inf
[2012.12.05 19:16:33 | 000,091,542 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf
[2012.12.04 22:45:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.04 22:45:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.04 22:45:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.04 22:45:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.04 22:45:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.04 22:01:34 | 000,540,743 | ---- | C] () -- C:\Users\Jan\Desktop\adwcleaner.exe
[2012.12.03 20:22:58 | 000,000,512 | ---- | C] () -- C:\Users\Jan\Desktop\MBR.dat
[2012.12.03 17:25:36 | 000,000,168 | ---- | C] () -- C:\Users\Jan\defogger_reenable
[2012.12.03 17:25:16 | 000,050,477 | ---- | C] () -- C:\Users\Jan\Desktop\Defogger.exe
[2012.12.02 15:38:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.02 15:38:41 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.02 02:58:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012.12.02 00:26:31 | 000,054,906 | ---- | C] () -- C:\Users\Jan\AppData\Local\recently-used.xbel
[2012.12.02 00:20:00 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012.11.28 20:04:27 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.11.27 21:48:28 | 000,534,297 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf
[2012.11.27 21:46:20 | 000,489,607 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf
[2012.11.27 21:45:04 | 000,585,329 | ---- | C] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf
[2012.11.27 21:41:57 | 000,005,777 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf
[2012.11.27 21:41:47 | 000,005,778 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf
[2012.11.27 21:37:56 | 000,018,220 | ---- | C] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf
[2012.11.27 21:17:34 | 000,052,775 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Laufzettel_V2012.pdf
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.07 22:14:36 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.11 15:12:31 | 000,034,816 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.17 14:22:39 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.05.17 14:22:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.05.17 14:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.05.17 00:31:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.05.12 13:02:47 | 000,000,732 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >
--- --- ---


Schritt3:
EXTRAS DATEI:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.12.2012 18:38:16 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,17% Memory free
8,21 Gb Paging File | 6,60 Gb Available in Paging File | 80,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,82 Gb Total Space | 291,49 Gb Free Space | 42,19% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 21 ED 00 C1 1A 9A CD 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0C00E5FE-F986-40AB-86E0-4818A5A791CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C42CBF4-D37B-423F-B7D0-73548591CAFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27836FFE-3E2B-40BA-8B07-824F5668CC05}" = lport=139 | protocol=6 | dir=in | app=system |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4B0FD562-3FC3-4940-9072-5959BDB5B932}" = lport=138 | protocol=17 | dir=in | app=system |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D63F81D-A5D9-4946-AD3D-7AD7AF1B6902}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B2D7AFF-3CB8-4749-8887-2A74157ECCB1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B186C461-6ED7-450E-AF21-7BE8836E5A73}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BE97D4B3-E61B-4876-BD5E-7E17144B9336}" = lport=445 | protocol=6 | dir=in | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9F968A6-5B72-48CB-9DAF-3D16B52000EF}" = rport=138 | protocol=17 | dir=out | app=system |
"{E5BC9E55-7343-4C4C-9443-571C99B273AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C1F8059-A442-4EAA-A898-8E1B7184DB73}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{136918B9-BD20-4E25-B6B0-B14E97E3D332}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F8AD80B-E818-435D-BE3F-D0FA9E4CCC8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{2D75E5F2-8195-4808-9F38-E68E980C3344}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{361CC462-1DDF-486F-BAFD-20C57936612D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3CBB30D7-F3A6-4AF2-BA94-BE36E889BE88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{41B1BDF8-590E-461B-8522-8A266DC1D9CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47DDA791-6F23-4CC3-8818-E19D0AC1442D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{52704BD5-52B7-4D6D-86CB-9B9BC04CFBEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5399A88D-9864-41F0-BB36-40A4D6A54AAF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{54971BF3-7EEC-4946-A445-FB53226F1D18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{565D92B6-F108-4200-A048-662A1C805700}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63425C82-3BC3-435C-815C-2225FF284242}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FA8E28E-E3BB-4DCC-A9B9-D12EDE9D0DDE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{72083ACC-FC53-4E37-855C-587FFAAD15A7}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{750520CE-63F4-4460-BFFF-1D647FF02565}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{75BE7EE3-2C4B-4148-8E0F-72537EF723E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87ABEF09-058B-40BA-B84B-F55ECD111B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{89F2D9C5-AF1B-4581-951C-C6ED5CA89825}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{8B751D7E-FBC0-41F4-A880-986B03211ADB}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{8B772FBB-856B-4B99-9D56-672189090FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{8D27D700-9B13-4F8A-AD29-C05FA259B8F6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8F7712CB-3D96-41FF-A8E9-17C6E4320619}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{927227B4-EBE5-4B28-A91A-4C43DCB372AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{9A3989D4-2919-43C5-B03E-F08CC2DDB163}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{A2897128-B51D-4882-AB43-7588F138365B}" = protocol=6 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8D0F588-05CC-4730-BD72-DF72E02C561B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BC7C0105-A5C9-41A5-B57E-02F963472753}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{CA156975-0847-43EC-A1A7-7890AF10639B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CDA7FCEF-E038-4C8D-8C13-FF5C247FDDE6}" = protocol=17 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB6DF9FB-B12C-4FD4-9007-7DC2FBD59B47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{DF542D2D-122A-4D1F-90B1-E249398408F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9D884C2-E997-4324-B721-DEDDD3EDDB53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{024D2D44-73A8-4ACF-9B7E-891F7DC423BD}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe |
"TCP Query User{1ED244D9-4229-4957-9541-D312BBF9564E}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{3D536110-EC31-4564-966C-F5966D231613}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{7A9888C9-407A-4E38-9A87-D66D73100634}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe |
"TCP Query User{7EBB10CB-FFE3-4410-B071-22190E2B96EC}C:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe |
"TCP Query User{80CA4EA4-4ECC-4F56-A501-82C4549ADCDB}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{8A3D5B66-5BA3-4EEB-9B28-3525592F1CC7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{99A9C40A-B453-4394-9FA8-2C04C2250FAF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{C3A75814-7FA0-4108-8409-AB11C0640EBF}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{C4601CC2-1197-43C5-8EAB-EDF9E3B97752}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{344BB24F-A0C6-4157-A464-0AB2FCC2BA47}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe |
"UDP Query User{4E699C3C-A433-405B-BE82-B3AF008BCA53}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{60B1AD6F-1E6F-4543-9BB2-83C9A6EDEBC8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6E5CF0FE-FB88-48BC-8D97-EAEA06434F2B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{795ED364-8348-4F94-ABE2-670086827E80}C:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe |
"UDP Query User{AE66EDA7-4EF5-4921-8446-BA746D306004}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe |
"UDP Query User{C974A00B-BA80-4BF3-BE7B-7BC11D68ABAE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{E72B96A9-D1C3-4040-A2B6-270E8DB44241}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{E734B016-1C0B-4F91-B8DD-639F9B6350F8}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{EA80E8B1-6398-4E59-8145-4AD371429F1E}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VistaGlazz_is1" = VistaGlazz 2.4
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC58860-75E1-4622-99B3-694903175A12}" = S4 League_EU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7646-A00000000001}" = Adobe Reader 6.0.1 - Deutsch
"{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 200210" = Realm of the Mad God
"Steam App 202480" = Creation Kit
"Steam App 22350" = BRINK
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 55230" = Saints Row: The Third
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8190" = Just Cause 2
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.3
"VMware_Player" = VMware Player
"xampp" = XAMPP 1.8.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FileZilla Client" = FileZilla Client 3.6.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.12.2012 17:37:02 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.12.2012 16:20:02 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.12.2012 12:14:30 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.12.2012 12:54:54 | Computer Name = Jan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Steam.exe, Version 1.0.1595.686, Zeitstempel
 0x50b7ef0d, fehlerhaftes Modul tier0_s.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x5085e8e8, Ausnahmecode 0xc0000005, Fehleroffset 0x6b977d08,  Prozess-ID 0x52c,
Anwendungsstartzeit 01cdd498e289e574.
 
Error - 07.12.2012 13:25:51 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 05.12.2012 15:10:49 | Computer Name = Jan-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
Description =
 
Error - 05.12.2012 15:12:12 | Computer Name = Jan-PC | Source = HTTP | ID = 15016
Description =
 
Error - 05.12.2012 15:12:12 | Computer Name = Jan-PC | Source = HTTP | ID = 15016
Description =
 
Error - 06.12.2012 16:20:03 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.12.2012 16:21:01 | Computer Name = Jan-PC | Source = bowser | ID = 8003
Description =
 
Error - 06.12.2012 18:24:03 | Computer Name = Jan-PC | Source = bowser | ID = 8003
Description =
 
Error - 07.12.2012 12:14:30 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 07.12.2012 13:09:50 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 07.12.2012 13:09:50 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 07.12.2012 13:25:52 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
--- --- ---

M-K-D-B 07.12.2012 20:02
Servus,




Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
IE - HKCU\..\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=b1bc278b-ece7-4b10-9fc2-92b816bef6e7&apn_sauid=2A277287-BD34-477E-9E77-80F55EA59D10

:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Schritt 2
  • Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Nirobe 07.12.2012 20:11
Schritt 1:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jan
->Temp folder emptied: 95352 bytes
->Temporary Internet Files folder emptied: 7066157 bytes
->Java cache emptied: 1838026 bytes
->Google Chrome cache emptied: 88113899 bytes
->Flash cache emptied: 158309 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24362 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35868135 bytes
RecycleBin emptied: 4724261 bytes

Total Files Cleaned = 132,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12072012_200710

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3240.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Schritt 2:
Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.12.07.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

07.12.2012 20:17:37
mbam-log-2012-12-07 (20-17-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225672
Laufzeit: 2 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Schritt 3:
Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.12.07.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

07.12.2012 20:17:37
mbam-log-2012-12-07 (20-17-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225672
Laufzeit: 2 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Sry der Letzte schritt 3 war falsch hier ist die richtige Datei :D
ESET:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=6aba469cf5ee424c84e00df52650490a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-07 09:49:05
# local_time=2012-12-07 10:49:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 96 23415 220340235 16199 0
# compatibility_mode=5892 16776573 100 100 23123 192440851 0 0
# scanned=281104
# found=2
# cleaned=0
# scan_time=7027
C:\Users\Jan\Desktop\Krimskram\Themespack\Themespack\Themespack\Win Xp Pro.exe multiple threats (unable to clean) 6132216F9E5E76DEA273CE255C726440E781F887 I
C:\Users\Jan\Downloads\Themespack.zip multiple threats (unable to clean) B8DE1732EC78300989D6D453E2A4C6BE04C1085B I

Schritt 4:
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Adobe Reader 6 Adobe Reader out of Date!
Mozilla Thunderbird 14.0. Thunderbird out of Date!
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Noch mal zu den Darstellung und Anpassungen da gibt es Windows Vista und Windows Aero als style diese beiden sind noch vorhanden aber nicht mehr auswählbar hast du ne ahnung wie ich das ändern kann?

M-K-D-B 08.12.2012 11:00
Servus,


Zitat:
Noch mal zu den Darstellung und Anpassungen da gibt es Windows Vista und Windows Aero als style diese beiden sind noch vorhanden aber nicht mehr auswählbar hast du ne ahnung wie ich das ändern kann?
Dazu fällt mir spontan gerade leider nichts ein.

Du könntest dein Problem aber hier schildern:
Alles rund um Windows


Bitte lösche die folgenden Dateien per Hand:
C:\Users\Jan\Desktop\Krimskram\Themespack\Themespack\Themespack\Win Xp Pro.exe
C:\Users\Jan\Downloads\Themespack.zip




Wenn du keine Probleme mehr hast, die auf Malware hindeuten, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




Schritt 1
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 2
Starte bitte Thunderbird --> Extras --> Einstellungen ---> Erweitert.
Wechsle in den Reiter Update und gehe sicher das Thunderbird nach Updates sucht und installiere diese auch.





Schritt 3
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.





Schritt 4
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt 5
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Schließe die sich öffnende Textdatei.
  • Klicke abschließend auf Deinstallation.
  • Bestätige mit Ja.
  • Starte deinen Rechner neu auf!





Schritt 6
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:43 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132