Trojaner-Board - TR/ATRAPS.Gen2 Befall - Neuaufsetzen des Systems nötig?

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - TR/ATRAPS.Gen2 Befall - Neuaufsetzen des Systems nötig? (https://www.trojaner-board.de/134141-tr-atraps-gen2-befall-neuaufsetzen-systems-noetig.html)

TR/ATRAPS.Gen2 Befall - Neuaufsetzen des Systems nötig?

Hallo zusammen,
ich verfolge das Forum hier schon seit einiger Zeit und bin wirklich erstaunt, wie professionell die meisten Probleme behandelt werden. Oftmals habe ich bisher Probleme mit Viren / Trojanern etc. einigermaßen selbst in den Griff bekommen, aber dieser TR/ATRAPS.Gen2 scheint ja ein ziemlich schwerer Fall zu sein.

Ich bin ziemlicher Laie auf dem Gebiet, habe aber schon des Öfteren gelesen, dass bei einem solchen Befall nur ein Neuaufsetzen des Systems hilft. Ich möchte das so weit wie möglich umgehen, da ich dafür momentan absolut keine Zeit habe. Deswegen wäre ich euch unendlich dankbar, wenn ihr mir in diesem Falle eine alternative Lösung anbieten könnt.

Ich schätze mal, dass ich mir den Trojaner aufgrund dieser Sicherheitslücke bei Adobe / Flash eingefangen habe, weil ich nach einer Aktualisierung vor einigen Monaten verhäuft Probleme mit dem PC hatte (z.B. Umleitungen bei Google, Sperrung von Internetseiten, Abstürze, Hostprozess wird beendet usw.). Avira zeigt mir beim Echtzeit-Scanner permanent diesen Fund an, sodass es gar nicht mehr richtig funktioniert. Auch Malwarebytes führt nur eine Datei als infiziert auf, ich kann sie in Quarantäne stellen, löschen un den PC neustarten, ohne Erfolg.

Ich habe zwar keine größeren Performance-Probleme mit meinem PC, eigentlich läuft alles ganz normal, aber ich möchte diesen Trojaner verständlicherweise doch gerne loswerden, vor allen Dingen, da ich bisher auch Online-Banking über diesen PC gemacht habe.

Ich habe mal ein aktuelles Malwarebytes-Log angefügt, wie gesagt, ich würde mich sehr freuen, wenn mein System auch ohne komplettes Neuaufsetzen zu retten ist.

LG
Jupp

:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

...und ganz wichtig:
Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

Schritt 1: defogger

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.

Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.

Schritt 2: OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Schritt 2: Scan mit MBAR

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke nicht auf den CleanUp Button

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Hallo Marius!
Erst einmal vielen Dank für die schnelle Hilfe. Ich kann mir zwar vorstellen, dass eine Formatierung der schnellere Weg ist, aber mein System danach wieder in den status quo zurückzuversetzen würde mich dafür unendlich viel mehr Zeit kosten. Deswegen hoffe ich mal, dass es auch so geht.

Hier zunächst einmal die beiden Logs von OTL:
OTL Logfile:

Code:

OTL logfile created on: 26.04.2013 11:45:10 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,70% Memory free

8,17 Gb Paging File | 6,62 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 49,27 Gb Total Space | 2,53 Gb Free Space | 5,13% Space Free | Partition Type: NTFS

Drive D: | 416,48 Gb Total Space | 38,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS

 

Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - D:\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Programme\Rainlendar2\Rainlendar2.exe ()

PRC - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()

MOD - D:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll ()

MOD - D:\Programme\Rainlendar2\Rainlendar2.exe ()

MOD - D:\Programme\Rainlendar2\lfs.dll ()

MOD - D:\Programme\Rainlendar2\lua51.dll ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\cpuutil.dll ()

MOD - C:\Windows\SysWOW64\AsIO.dll ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\PowerDll.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (DAUpdaterSvc) -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()

DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()

DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\DRIVERS\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)

DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\wg111v2.sys (Realtek Semiconductor Corporation                           )

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()

DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)

DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 CE C0 EE F1 41 CE 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..network.proxy.http: "87.98.136.60"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.type: 0

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:11:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:10:59 | 000,000,000 | ---D | M]

 

[2011.07.16 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Extensions

[2013.04.25 22:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Firefox\Profiles\8fnqi441.default\extensions

[2012.12.12 05:45:36 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2013.02.14 06:10:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.04.12 08:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.04.12 08:11:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.08.12 20:20:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012.08.31 18:12:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.31 18:12:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.08.31 18:12:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.31 18:12:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.31 18:12:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.31 18:12:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKCU..\Run: [Rainlendar2] D:\Programme\Rainlendar2\Rainlendar2.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254D07A-F1F5-45A1-9197-CF2292ED39CE}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21EAA53-5830-4C8A-9A84-F18B79B3AB60}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg

O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 0

O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe

O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell - "" = AutoRun

O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell\AutoRun\command - "" = I:\Setup.exe

O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell - "" = AutoRun

O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell\AutoRun\command - "" = J:\OriginInstaller.exe

O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell\AutoRun\command - "" = B:\Bin\ASSETUP.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.25 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Avira

[2013.04.25 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2013.04.25 22:26:39 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2013.04.25 22:26:39 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2013.04.25 22:26:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2013.04.25 22:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2013.04.24 17:45:31 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013.04.24 17:45:31 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013.04.24 17:45:31 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.04.24 17:45:26 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.04.24 17:45:26 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.04.24 17:45:26 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013.04.24 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Siup

[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Nuyt

[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Ertu

[2013.04.19 09:58:14 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Local\.elfohilfe

[2013.04.14 22:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2013.04.12 08:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.04.05 11:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies

[2013.04.05 11:46:00 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2013.04.05 11:46:00 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2013.04.05 11:46:00 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2013.04.05 11:46:00 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2013.04.05 11:46:00 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2013.04.05 11:46:00 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2013.04.05 11:46:00 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2013.04.05 11:46:00 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2013.04.05 11:46:00 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2013.04.05 11:46:00 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll

[2013.04.05 11:46:00 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll

[2013.04.05 11:46:00 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2013.04.05 11:46:00 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2013.04.05 11:46:00 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2013.04.05 11:46:00 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2013.04.05 11:46:00 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2013.04.05 11:46:00 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll

[2013.04.05 11:46:00 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll

[2013.04.04 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.26 11:48:24 | 001,468,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.04.26 11:48:24 | 000,636,228 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.04.26 11:48:24 | 000,602,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.04.26 11:48:24 | 000,131,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.04.26 11:48:24 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.04.26 11:42:16 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.26 11:42:16 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.26 11:42:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.04.26 11:40:53 | 000,000,020 | ---- | M] () -- C:\Users\Jupp\defogger_reenable

[2013.04.25 23:03:01 | 000,375,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.04.24 17:45:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013.04.24 17:45:13 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.04.24 17:45:13 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.04.24 17:45:13 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.04.24 17:45:12 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013.04.24 17:45:12 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013.04.23 21:27:31 | 000,036,352 | ---- | M] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.04.18 18:59:20 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.04.18 18:59:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.04.05 13:34:11 | 000,004,459 | ---- | M] () -- C:\Users\Jupp\.recently-used.xbel

[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.26 11:40:53 | 000,000,020 | ---- | C] () -- C:\Users\Jupp\defogger_reenable

[2013.04.05 13:34:11 | 000,004,459 | ---- | C] () -- C:\Users\Jupp\.recently-used.xbel

[2013.02.10 14:19:50 | 000,000,000 | ---- | C] () -- C:\Users\Jupp\.JavaPowUpload.properties

[2012.05.15 08:51:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2012.05.15 08:51:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2012.05.15 08:51:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2012.05.15 08:45:39 | 000,030,903 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2012.05.10 16:33:31 | 000,010,818 | ---- | C] () -- C:\Windows\scunin.dat

[2012.01.23 01:44:58 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2012.01.23 01:44:58 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011.12.14 16:28:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011.12.14 16:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011.12.14 16:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011.10.12 09:56:43 | 001,489,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.09.11 19:11:53 | 000,000,216 | ---- | C] () -- C:\Windows\PowerReg.dat

[2011.08.07 09:03:38 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2011.08.03 12:09:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.07.21 10:24:55 | 000,036,352 | ---- | C] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.17 18:48:45 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011.07.16 15:19:24 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2011.07.16 15:19:24 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2011.07.16 15:19:24 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2011.07.16 15:19:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2011.07.16 15:19:24 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001

[2011.07.16 14:22:46 | 000,011,916 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011.07.16 14:22:31 | 000,011,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011.07.16 14:19:45 | 000,000,732 | ---- | C] () -- C:\Users\Jupp\AppData\Local\d3d9caps64.dat

 
 ========== ZeroAccess Check ==========

 

[2011.11.18 22:55:05 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\@

[2013.04.19 21:53:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L

[2013.04.26 08:56:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U

[2013.04.26 11:42:12 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\00000004.@

[2013.04.04 17:25:43 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000004.@

[2013.04.23 17:21:36 | 000,001,024 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000008.@

[2013.04.26 08:56:07 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\000000cb.@

[2013.04.04 17:25:43 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000000.@

[2013.04.26 07:55:21 | 000,090,624 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000032.@

[2013.04.26 07:59:21 | 000,077,312 | ---- | M] () -- C:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000064.@

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[2013.04.26 11:42:12 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini

[2013.04.26 11:42:12 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

"ThreadingModel" = Both

"" = C:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\n.

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

"ThreadingModel" = Both

"" = C:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\n.

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL Extras logfile created on: 26.04.2013 11:45:10 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,70% Memory free

8,17 Gb Paging File | 6,62 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 49,27 Gb Total Space | 2,53 Gb Free Space | 5,13% Space Free | Partition Type: NTFS

Drive D: | 416,48 Gb Total Space | 38,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS

 

Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = 2A E4 C4 4A 6F BA CC 01  [binary data]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 
 ========== Firewall Settings ==========

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers

"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59

"DriverAgent.exe" = DriverAgent by eSupport.com

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"VLC media player" = VLC media player 2.0.5

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0

"{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi

"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Afterburner" = MSI Afterburner 2.1.0

"Avira AntiVir Desktop" = Avira Free Antivirus

"Canon iP3300 Benutzerregistrierung" = Canon iP3300 Benutzerregistrierung

"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung

"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual

"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon My Printer

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30

"CrystalDiskInfo_is1" = CrystalDiskInfo 4.2.0a

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"Diablo II" = Diablo II

"Diablo III" = Diablo III

"Earth 2140" = Earth 2140

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ElsterFormular" = ElsterFormular

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206

"Freecorder5.1" = Freecorder 5

"InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"LastFM_is1" = Last.fm Scrobbler 2.1.35

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"MechWarrior 3" = MechWarrior 3

"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0

"Mp3tag" = Mp3tag v2.49

"NCLauncher_GameForge" = NC Launcher (GameForge)

"NirSoft BlueScreenView" = NirSoft BlueScreenView

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"OCCT" = OCCT 4.1.1

"Rainlendar2" = Rainlendar2 (remove only)

"SpeedFan" = SpeedFan (remove only)

"Starcraft" = Starcraft

"StarCraft II" = StarCraft II

"Sudeki_is1" = Sudeki

"Tomb Raider_is1" = Tomb Raider

"Winamp" = Winamp

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinRAR archiver" = WinRAR

"YTdetect" = Yahoo! Detect

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

"uTorrent" = µTorrent

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 22.03.2013 03:56:59 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.03.2013 02:03:27 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 23.03.2013 17:11:08 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 24.03.2013 04:38:27 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 24.03.2013 09:51:45 | Computer Name = Jupp-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung winamp.exe, Version 5.6.3.3235, Zeitstempel 

0x4fec7b3e, fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.6161, Zeitstempel 

0x4dace5b9, Ausnahmecode 0xc0000005, Fehleroffset 0x0003b36a,  Prozess-ID 0xcbc, Anwendungsstartzeit

 01ce288fe8fe25d6.

 

Error - 24.03.2013 09:51:47 | Computer Name = Jupp-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung winamp.exe, Version 5.6.3.3235, Zeitstempel 

0x4fec7b3e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f,

 Ausnahmecode 0xc0000005, Fehleroffset 0x0002ab6e,  Prozess-ID 0xcbc, Anwendungsstartzeit

 01ce288fe8fe25d6.

 

Error - 24.03.2013 18:07:22 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 25.03.2013 02:14:29 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 26.03.2013 02:41:33 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 26.03.2013 03:54:49 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 26.03.2013 12:25:32 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

[ Media Center Events ]

Error - 16.11.2011 11:08:05 | Computer Name = Jupp-PC | Source = Media Center Guide | ID = 0

Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;

 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide
 

 

[ System Events ]

Error - 26.04.2013 02:53:17 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003

Description = 

 

Error - 26.04.2013 02:53:17 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 26.04.2013 05:39:13 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7023

Description = 

 

Error - 26.04.2013 05:39:13 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003

Description = 

 

Error - 26.04.2013 05:39:13 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003

Description = 

 

Error - 26.04.2013 05:39:13 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 26.04.2013 05:43:54 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7023

Description = 

 

Error - 26.04.2013 05:43:54 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003

Description = 

 

Error - 26.04.2013 05:43:54 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7003

Description = 

 

Error - 26.04.2013 05:43:54 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026

Description = 

 

 

< End of report >

--- --- ---

Malwarebytes lasse ich jetzt laufen und poste die Ergebnisse dann später.

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org
 

Database version: v2013.04.26.02
 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Jupp :: JUPP-PC [administrator]
 

26.04.2013 12:11:23

mbar-log-2013-04-26 (12-11-23).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 43106

Time elapsed: 7 minute(s), 8 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 1

HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 3

HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (shell32.dll) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (fastprox.dll) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Hijack.Trojan.Siredef.C) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (%systemroot%\system32\wbem\fastprox.dll) -> Delete on reboot.
 

Folders Detected: 8

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U (Backdoor.0Access) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\U (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\U (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\L (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5 (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5 (Trojan.Siredef.C) -> Delete on reboot.
 

Files Detected: 19

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\@ (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\@ (Trojan.Siredef.C) -> Delete on reboot.

c:\Windows\System32\services.exe (Rootkit.0Access.S) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000004.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000008.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\000000cb.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000000.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000032.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000064.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.

c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\6715e287 (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot.
 

(end)

Zitat:

-> Delete on reboot.

Du solltest doch ausdrücklich nicht auf cleanup klicken!

Lasse MBAR noch einmal laufen und poste mir die logdatei.
Erstelle außerdem ein neues OTL-Log.

Sorry, aber das "Delete on reboot" steht bei mir auch nach dem zweiten Lauf. Habe gerade noch gar nichts weiter angeklickt, nur das Logfile geöffnet. Bin mir auch ziemlich sicher, dass ich beim ersten Mal nicht auf Cleanup geklickt habe:

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org
 

Database version: v2013.04.26.02
 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Jupp :: JUPP-PC [administrator]
 

26.04.2013 12:32:14

mbar-log-2013-04-26 (12-32-14).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 43092

Time elapsed: 6 minute(s), 38 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 1

HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 3

HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (shell32.dll) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (fastprox.dll) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Hijack.Trojan.Siredef.C) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\n.) Good: (%systemroot%\system32\wbem\fastprox.dll) -> Delete on reboot.
 

Folders Detected: 8

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U (Backdoor.0Access) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\U (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\U (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\L (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5 (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5 (Trojan.Siredef.C) -> Delete on reboot.
 

Files Detected: 19

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\@ (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-21-2955684649-335532621-787647386-1000\$bc130657f4f8c6501820c0834b5f02e5\@ (Trojan.Siredef.C) -> Delete on reboot.

c:\Windows\System32\services.exe (Rootkit.0Access.S) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000004.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\00000008.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\000000cb.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000000.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000032.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\U\80000064.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.

c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\6715e287 (Backdoor.0Access) -> Delete on reboot.

c:\Windows\Installer\{bc130657-f4f8-c650-1820-c0834b5f02e5}\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot.

c:\$Recycle.Bin\S-1-5-18\$bc130657f4f8c6501820c0834b5f02e5\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot.
 

(end)

Ah, okay!

Dann lass MBAR die Funde jetzt entfernen, starte neu und poste mir die erstellte Logdatei! :)

OK, jetzt hört Avira schon einmal auf mit dem Gezicke und das Logfile sieht meiner Meinung nach auch etwas besser aus...
Was mir nur gerade aufgefallen ist, auf meiner zweiten Partition (D:, wo ich auch Malwarebytes gespeichert habe) wurden jetzt mehrere Ordner angelegt, die vorher nicht dort waren ("RECYCLE.BIN", "msdownld.tmp", "MSOCache", "System Volume Information"). Teilweise habe ich auf diese Ordner keinen Zugriff. Ist das normal?
Hier noch das aktuelle Logfile:

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org
 

Database version: v2013.04.26.02
 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Jupp :: JUPP-PC [administrator]
 

26.04.2013 13:16:03

mbar-log-2013-04-26 (13-16-03).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 43002

Time elapsed: 16 minute(s), 50 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 1

HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

(end)

Genau!

Entferne auch diesen Fund.
Sobald MBAR nichts mehr entdeckt, erstelle und poste ein neues OTL-Log!

Malwarebytes findet jetzt keine Trojaner mehr, hier meine aktuellen OTL-Logs:

Code:

OTL logfile created on: 26.04.2013 15:00:00 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,13% Memory free

8,22 Gb Paging File | 6,43 Gb Available in Paging File | 78,24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 49,27 Gb Total Space | 3,26 Gb Free Space | 6,61% Space Free | Partition Type: NTFS

Drive D: | 416,48 Gb Total Space | 38,72 Gb Free Space | 9,30% Space Free | Partition Type: NTFS

 

Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - D:\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - D:\Programme\Last.fm\Last.fm Scrobbler.exe (Last.fm)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - D:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)

PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)

PRC - D:\Programme\Rainlendar2\Rainlendar2.exe ()

PRC - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\winamp.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_milk2.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_avs.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_nsfs.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\tagz.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\winampa.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_pmp.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_wifi.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_ipod.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ombrowser.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_android.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_ds.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_wire.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_usb.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_transcode.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_wave.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_disk.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_rg.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_activesync.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_p4s.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_njb.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\playlist.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_local.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_disc.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_plg.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mp3.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_midi.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mod.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wm.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_online.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_cdda.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_playlists.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_nsv.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_vorbis.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_undo.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_downloads.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_history.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_devices.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_tray.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_autotag.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wav.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_dshow.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wave.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_flac.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_impex.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_bookmarks.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mp4.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_avi.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_enqplay.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wv.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mkv.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_orb.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_nowplaying.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_addons.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_swf.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_linein.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_flv.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\burnlib.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_jumpex_original.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_jumpex.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_classicart.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_ff.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_ml.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_play_remove.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\dsp_sps.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_skinmanager.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_hotkeys.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\auth.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_timerestore.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_nopro.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_orgler.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_crasher.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_fhgaac.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_wma.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_lame.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_find_on_disk.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_wav.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_vorbis.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_flac.lng ()

MOD - D:\Programme\Last.fm\listener.dll ()

MOD - D:\Programme\Last.fm\unicorn.dll ()

MOD - D:\Programme\Last.fm\logger.dll ()

MOD - D:\Programme\Last.fm\lastfm.dll ()

MOD - D:\Programme\Last.fm\plugins\phonon_backend\phonon_vlc.dll ()

MOD - D:\Programme\Last.fm\phonon.dll ()

MOD - D:\Programme\Last.fm\libvlccore.dll ()

MOD - D:\Programme\Last.fm\plugins\audio_output\libaout_directx_plugin.dll ()

MOD - D:\Programme\Last.fm\libvlc.dll ()

MOD - D:\Programme\Winamp\System\jnetlib.w5s ()

MOD - D:\Programme\Winamp\System\jpeg.w5s ()

MOD - D:\Programme\Winamp\System\xml.w5s ()

MOD - D:\Programme\Winamp\System\png.w5s ()

MOD - D:\Programme\Winamp\System\playlist.w5s ()

MOD - D:\Programme\Winamp\tataki.dll ()

MOD - D:\Programme\Winamp\zlib.dll ()

MOD - D:\Programme\Winamp\System\timer.w5s ()

MOD - D:\Programme\Winamp\System\tagz.w5s ()

MOD - D:\Programme\Winamp\System\primo.w5s ()

MOD - D:\Programme\Winamp\Plugins\in_wm.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_local.dll ()

MOD - D:\Programme\Winamp\Plugins\in_vorbis.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_devices.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_pmp.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_disc.dll ()

MOD - D:\Programme\Winamp\System\auth.w5s ()

MOD - D:\Programme\Winamp\Plugins\pmp_ipod.dll ()

MOD - D:\Programme\Winamp\Plugins\unrar.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_online.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_p4s.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_wifi.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_playlists.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_plg.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_android.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_impex.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_usb.dll ()

MOD - D:\Programme\Winamp\Plugins\out_ds.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_history.dll ()

MOD - D:\Programme\Winamp\System\devices.w5s ()

MOD - D:\Programme\Winamp\Plugins\ml_rg.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_transcode.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_bookmarks.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_autotag.dll ()

MOD - D:\Programme\Winamp\Plugins\in_swf.dll ()

MOD - D:\Programme\Winamp\System\albumart.w5s ()

MOD - D:\Programme\Winamp\Plugins\out_disk.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_njb.dll ()

MOD - D:\Programme\Winamp\System\gif.w5s ()

MOD - D:\Programme\Winamp\System\bmp.w5s ()

MOD - D:\Programme\Winamp\Plugins\out_wave.dll ()

MOD - D:\Programme\Winamp\Plugins\in_wave.dll ()

MOD - D:\Programme\Winamp\System\dlmgr.w5s ()

MOD - D:\Programme\Winamp\System\gracenote.w5s ()

MOD - D:\Programme\Winamp\System\filereader.w5s ()

MOD - D:\Programme\Winamp\Plugins\gen_ff.dll ()

MOD - D:\Programme\Winamp\nsutil.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_ml.dll ()

MOD - D:\Programme\Winamp\Plugins\in_mp3.dll ()

MOD - D:\Programme\Winamp\libsndfile.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_jumpex.dll ()

MOD - D:\Programme\Winamp\Plugins\in_mod.dll ()

MOD - D:\Programme\Winamp\Plugins\in_midi.dll ()

MOD - D:\Programme\Winamp\Plugins\in_cdda.dll ()

MOD - D:\Programme\Winamp\nde.dll ()

MOD - D:\Programme\Winamp\Plugins\in_nsv.dll ()

MOD - D:\Programme\Winamp\Plugins\in_dshow.dll ()

MOD - D:\Programme\Winamp\Plugins\in_avi.dll ()

MOD - D:\Programme\Winamp\Plugins\in_flac.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_orgler.dll ()

MOD - D:\Programme\Winamp\Plugins\in_mp4.dll ()

MOD - D:\Programme\Winamp\Plugins\in_mkv.dll ()

MOD - D:\Programme\Winamp\Plugins\in_flv.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_hotkeys.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_tray.dll ()

MOD - D:\Programme\Winamp\Plugins\in_linein.dll ()

MOD - D:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll ()

MOD - D:\Programme\Rainlendar2\Rainlendar2.exe ()

MOD - D:\Programme\Rainlendar2\lfs.dll ()

MOD - D:\Programme\Rainlendar2\lua51.dll ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\cpuutil.dll ()

MOD - C:\Windows\SysWOW64\AsIO.dll ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\PowerDll.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (DAUpdaterSvc) -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()

DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()

DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\DRIVERS\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)

DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\wg111v2.sys (Realtek Semiconductor Corporation                           )

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()

DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)

DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 CE C0 EE F1 41 CE 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..network.proxy.http: "87.98.136.60"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.type: 0

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:11:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:10:59 | 000,000,000 | ---D | M]

 

[2011.07.16 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Extensions

[2013.04.25 22:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Firefox\Profiles\8fnqi441.default\extensions

[2012.12.12 05:45:36 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2013.02.14 06:10:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.04.12 08:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.04.12 08:11:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.08.12 20:20:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012.08.31 18:12:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.31 18:12:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.08.31 18:12:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.31 18:12:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.31 18:12:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.31 18:12:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKCU..\Run: [Rainlendar2] D:\Programme\Rainlendar2\Rainlendar2.exe ()

O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254D07A-F1F5-45A1-9197-CF2292ED39CE}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21EAA53-5830-4C8A-9A84-F18B79B3AB60}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg

O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 0

O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe

O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell - "" = AutoRun

O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell\AutoRun\command - "" = I:\Setup.exe

O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell - "" = AutoRun

O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell\AutoRun\command - "" = J:\OriginInstaller.exe

O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell\AutoRun\command - "" = B:\Bin\ASSETUP.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.25 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Avira

[2013.04.25 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2013.04.25 22:26:39 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2013.04.25 22:26:39 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2013.04.25 22:26:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2013.04.25 22:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2013.04.24 17:45:31 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013.04.24 17:45:31 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013.04.24 17:45:31 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.04.24 17:45:26 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.04.24 17:45:26 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.04.24 17:45:26 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013.04.24 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Siup

[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Nuyt

[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Ertu

[2013.04.19 09:58:14 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Local\.elfohilfe

[2013.04.14 22:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2013.04.12 08:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.04.05 11:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies

[2013.04.05 11:46:00 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2013.04.05 11:46:00 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2013.04.05 11:46:00 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2013.04.05 11:46:00 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2013.04.05 11:46:00 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2013.04.05 11:46:00 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2013.04.05 11:46:00 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2013.04.05 11:46:00 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2013.04.05 11:46:00 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2013.04.05 11:46:00 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll

[2013.04.05 11:46:00 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll

[2013.04.05 11:46:00 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2013.04.05 11:46:00 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2013.04.05 11:46:00 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2013.04.05 11:46:00 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2013.04.05 11:46:00 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2013.04.05 11:46:00 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll

[2013.04.05 11:46:00 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll

[2013.04.04 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.26 14:49:44 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.26 14:49:44 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.26 12:56:20 | 001,468,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.04.26 12:56:20 | 000,636,228 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.04.26 12:56:20 | 000,602,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.04.26 12:56:20 | 000,131,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.04.26 12:56:20 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.04.26 12:49:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.04.26 11:40:53 | 000,000,020 | ---- | M] () -- C:\Users\Jupp\defogger_reenable

[2013.04.25 23:03:01 | 000,375,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.04.24 17:45:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013.04.24 17:45:13 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.04.24 17:45:13 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.04.24 17:45:13 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.04.24 17:45:12 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013.04.24 17:45:12 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013.04.23 21:27:31 | 000,036,352 | ---- | M] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.04.18 18:59:20 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.04.18 18:59:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.04.05 13:34:11 | 000,004,459 | ---- | M] () -- C:\Users\Jupp\.recently-used.xbel

[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.26 11:40:53 | 000,000,020 | ---- | C] () -- C:\Users\Jupp\defogger_reenable

[2013.04.05 13:34:11 | 000,004,459 | ---- | C] () -- C:\Users\Jupp\.recently-used.xbel

[2013.02.10 14:19:50 | 000,000,000 | ---- | C] () -- C:\Users\Jupp\.JavaPowUpload.properties

[2012.05.15 08:51:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2012.05.15 08:51:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2012.05.15 08:51:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2012.05.15 08:45:39 | 000,030,903 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2012.05.10 16:33:31 | 000,010,818 | ---- | C] () -- C:\Windows\scunin.dat

[2012.01.23 01:44:58 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2012.01.23 01:44:58 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011.12.14 16:28:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011.12.14 16:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011.12.14 16:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011.10.12 09:56:43 | 001,489,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.09.11 19:11:53 | 000,000,216 | ---- | C] () -- C:\Windows\PowerReg.dat

[2011.08.07 09:03:38 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2011.08.03 12:09:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.07.21 10:24:55 | 000,036,352 | ---- | C] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.17 18:48:45 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011.07.16 15:19:24 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2011.07.16 15:19:24 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2011.07.16 15:19:24 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2011.07.16 15:19:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2011.07.16 15:19:24 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001

[2011.07.16 14:22:46 | 000,011,916 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011.07.16 14:22:31 | 000,011,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011.07.16 14:19:45 | 000,000,732 | ---- | C] () -- C:\Users\Jupp\AppData\Local\d3d9caps64.dat

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysWOW64\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

Code:

OTL logfile created on: 26.04.2013 15:00:00 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,13% Memory free

8,22 Gb Paging File | 6,43 Gb Available in Paging File | 78,24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 49,27 Gb Total Space | 3,26 Gb Free Space | 6,61% Space Free | Partition Type: NTFS

Drive D: | 416,48 Gb Total Space | 38,72 Gb Free Space | 9,30% Space Free | Partition Type: NTFS

 

Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - D:\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - D:\Programme\Last.fm\Last.fm Scrobbler.exe (Last.fm)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - D:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)

PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)

PRC - D:\Programme\Rainlendar2\Rainlendar2.exe ()

PRC - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\winamp.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_milk2.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_avs.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\vis_nsfs.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\tagz.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\winampa.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_pmp.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_wifi.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_ipod.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ombrowser.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_android.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_ds.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_wire.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_usb.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_transcode.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_wave.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\out_disk.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_rg.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_activesync.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_p4s.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\pmp_njb.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\playlist.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_local.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_disc.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_plg.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mp3.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_midi.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mod.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wm.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_online.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_cdda.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_playlists.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_nsv.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_vorbis.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_undo.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_downloads.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_history.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_devices.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_tray.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_autotag.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wav.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_dshow.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wave.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_flac.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_impex.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_bookmarks.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mp4.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_avi.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_enqplay.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_wv.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_mkv.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_orb.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_nowplaying.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\ml_addons.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_swf.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_linein.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\in_flv.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\burnlib.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_jumpex_original.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_jumpex.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_classicart.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_ff.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_ml.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_play_remove.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\dsp_sps.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_skinmanager.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_hotkeys.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\auth.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_timerestore.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_nopro.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_orgler.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_crasher.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_fhgaac.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_wma.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_lame.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\gen_find_on_disk.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_wav.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_vorbis.lng ()

MOD - C:\Users\Jupp\AppData\Local\Temp\WLZ60F5.tmp\enc_flac.lng ()

MOD - D:\Programme\Last.fm\listener.dll ()

MOD - D:\Programme\Last.fm\unicorn.dll ()

MOD - D:\Programme\Last.fm\logger.dll ()

MOD - D:\Programme\Last.fm\lastfm.dll ()

MOD - D:\Programme\Last.fm\plugins\phonon_backend\phonon_vlc.dll ()

MOD - D:\Programme\Last.fm\phonon.dll ()

MOD - D:\Programme\Last.fm\libvlccore.dll ()

MOD - D:\Programme\Last.fm\plugins\audio_output\libaout_directx_plugin.dll ()

MOD - D:\Programme\Last.fm\libvlc.dll ()

MOD - D:\Programme\Winamp\System\jnetlib.w5s ()

MOD - D:\Programme\Winamp\System\jpeg.w5s ()

MOD - D:\Programme\Winamp\System\xml.w5s ()

MOD - D:\Programme\Winamp\System\png.w5s ()

MOD - D:\Programme\Winamp\System\playlist.w5s ()

MOD - D:\Programme\Winamp\tataki.dll ()

MOD - D:\Programme\Winamp\zlib.dll ()

MOD - D:\Programme\Winamp\System\timer.w5s ()

MOD - D:\Programme\Winamp\System\tagz.w5s ()

MOD - D:\Programme\Winamp\System\primo.w5s ()

MOD - D:\Programme\Winamp\Plugins\in_wm.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_local.dll ()

MOD - D:\Programme\Winamp\Plugins\in_vorbis.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_devices.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_pmp.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_disc.dll ()

MOD - D:\Programme\Winamp\System\auth.w5s ()

MOD - D:\Programme\Winamp\Plugins\pmp_ipod.dll ()

MOD - D:\Programme\Winamp\Plugins\unrar.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_online.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_p4s.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_wifi.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_playlists.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_plg.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_android.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_impex.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_usb.dll ()

MOD - D:\Programme\Winamp\Plugins\out_ds.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_history.dll ()

MOD - D:\Programme\Winamp\System\devices.w5s ()

MOD - D:\Programme\Winamp\Plugins\ml_rg.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_transcode.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_bookmarks.dll ()

MOD - D:\Programme\Winamp\Plugins\ml_autotag.dll ()

MOD - D:\Programme\Winamp\Plugins\in_swf.dll ()

MOD - D:\Programme\Winamp\System\albumart.w5s ()

MOD - D:\Programme\Winamp\Plugins\out_disk.dll ()

MOD - D:\Programme\Winamp\Plugins\pmp_njb.dll ()

MOD - D:\Programme\Winamp\System\gif.w5s ()

MOD - D:\Programme\Winamp\System\bmp.w5s ()

MOD - D:\Programme\Winamp\Plugins\out_wave.dll ()

MOD - D:\Programme\Winamp\Plugins\in_wave.dll ()

MOD - D:\Programme\Winamp\System\dlmgr.w5s ()

MOD - D:\Programme\Winamp\System\gracenote.w5s ()

MOD - D:\Programme\Winamp\System\filereader.w5s ()

MOD - D:\Programme\Winamp\Plugins\gen_ff.dll ()

MOD - D:\Programme\Winamp\nsutil.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_ml.dll ()

MOD - D:\Programme\Winamp\Plugins\in_mp3.dll ()

MOD - D:\Programme\Winamp\libsndfile.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_jumpex.dll ()

MOD - D:\Programme\Winamp\Plugins\in_mod.dll ()

MOD - D:\Programme\Winamp\Plugins\in_midi.dll ()

MOD - D:\Programme\Winamp\Plugins\in_cdda.dll ()

MOD - D:\Programme\Winamp\nde.dll ()

MOD - D:\Programme\Winamp\Plugins\in_nsv.dll ()

MOD - D:\Programme\Winamp\Plugins\in_dshow.dll ()

MOD - D:\Programme\Winamp\Plugins\in_avi.dll ()

MOD - D:\Programme\Winamp\Plugins\in_flac.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_orgler.dll ()

MOD - D:\Programme\Winamp\Plugins\in_mp4.dll ()

MOD - D:\Programme\Winamp\Plugins\in_mkv.dll ()

MOD - D:\Programme\Winamp\Plugins\in_flv.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_hotkeys.dll ()

MOD - D:\Programme\Winamp\Plugins\gen_tray.dll ()

MOD - D:\Programme\Winamp\Plugins\in_linein.dll ()

MOD - D:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll ()

MOD - D:\Programme\Rainlendar2\Rainlendar2.exe ()

MOD - D:\Programme\Rainlendar2\lfs.dll ()

MOD - D:\Programme\Rainlendar2\lua51.dll ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\cpuutil.dll ()

MOD - C:\Windows\SysWOW64\AsIO.dll ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\PowerDll.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (DAUpdaterSvc) -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()

DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()

DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\DRIVERS\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)

DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\wg111v2.sys (Realtek Semiconductor Corporation                           )

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()

DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)

DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 CE C0 EE F1 41 CE 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..network.proxy.http: "87.98.136.60"

FF - prefs.js..network.proxy.http_port: 80

FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.type: 0

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:11:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:10:59 | 000,000,000 | ---D | M]

 

[2011.07.16 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Extensions

[2013.04.25 22:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Firefox\Profiles\8fnqi441.default\extensions

[2012.12.12 05:45:36 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2013.02.14 06:10:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.04.12 08:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.04.12 08:11:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.08.12 20:20:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012.08.31 18:12:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.31 18:12:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.08.31 18:12:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.31 18:12:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.31 18:12:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.31 18:12:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKCU..\Run: [Rainlendar2] D:\Programme\Rainlendar2\Rainlendar2.exe ()

O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254D07A-F1F5-45A1-9197-CF2292ED39CE}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21EAA53-5830-4C8A-9A84-F18B79B3AB60}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg

O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Desktop\The_Simpsons_1680 x 1050 widescreen.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 0

O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1a66d130-690a-11e1-ae57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe

O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell - "" = AutoRun

O33 - MountPoints2\{4642c5c5-2663-11e1-8996-00248c2af28a}\Shell\AutoRun\command - "" = I:\Setup.exe

O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell - "" = AutoRun

O33 - MountPoints2\{7133bda4-afaa-11e0-b4f4-00248c2af28a}\Shell\AutoRun\command - "" = J:\OriginInstaller.exe

O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{b2cf56e9-afa4-11e0-8069-806e6f6e6963}\Shell\AutoRun\command - "" = B:\Bin\ASSETUP.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.25 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Avira

[2013.04.25 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2013.04.25 22:26:39 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2013.04.25 22:26:39 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2013.04.25 22:26:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2013.04.25 22:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2013.04.24 17:45:31 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013.04.24 17:45:31 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013.04.24 17:45:31 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.04.24 17:45:26 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.04.24 17:45:26 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.04.24 17:45:26 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013.04.24 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Siup

[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Nuyt

[2013.04.21 09:32:09 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Ertu

[2013.04.19 09:58:14 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Local\.elfohilfe

[2013.04.14 22:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2013.04.12 08:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.04.05 11:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies

[2013.04.05 11:46:00 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2013.04.05 11:46:00 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2013.04.05 11:46:00 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2013.04.05 11:46:00 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2013.04.05 11:46:00 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2013.04.05 11:46:00 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2013.04.05 11:46:00 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2013.04.05 11:46:00 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2013.04.05 11:46:00 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2013.04.05 11:46:00 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll

[2013.04.05 11:46:00 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll

[2013.04.05 11:46:00 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2013.04.05 11:46:00 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2013.04.05 11:46:00 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2013.04.05 11:46:00 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2013.04.05 11:46:00 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2013.04.05 11:46:00 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll

[2013.04.05 11:46:00 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll

[2013.04.04 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.26 14:49:44 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.26 14:49:44 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.26 12:56:20 | 001,468,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.04.26 12:56:20 | 000,636,228 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.04.26 12:56:20 | 000,602,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.04.26 12:56:20 | 000,131,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.04.26 12:56:20 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.04.26 12:49:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.04.26 11:40:53 | 000,000,020 | ---- | M] () -- C:\Users\Jupp\defogger_reenable

[2013.04.25 23:03:01 | 000,375,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.04.24 17:45:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013.04.24 17:45:13 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.04.24 17:45:13 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.04.24 17:45:13 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.04.24 17:45:12 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013.04.24 17:45:12 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013.04.23 21:27:31 | 000,036,352 | ---- | M] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.04.18 18:59:20 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.04.18 18:59:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.04.05 13:34:11 | 000,004,459 | ---- | M] () -- C:\Users\Jupp\.recently-used.xbel

[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.26 11:40:53 | 000,000,020 | ---- | C] () -- C:\Users\Jupp\defogger_reenable

[2013.04.05 13:34:11 | 000,004,459 | ---- | C] () -- C:\Users\Jupp\.recently-used.xbel

[2013.02.10 14:19:50 | 000,000,000 | ---- | C] () -- C:\Users\Jupp\.JavaPowUpload.properties

[2012.05.15 08:51:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2012.05.15 08:51:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2012.05.15 08:51:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2012.05.15 08:45:39 | 000,030,903 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2012.05.10 16:33:31 | 000,010,818 | ---- | C] () -- C:\Windows\scunin.dat

[2012.01.23 01:44:58 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2012.01.23 01:44:58 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011.12.14 16:28:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011.12.14 16:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011.12.14 16:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011.10.12 09:56:43 | 001,489,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.09.11 19:11:53 | 000,000,216 | ---- | C] () -- C:\Windows\PowerReg.dat

[2011.08.07 09:03:38 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2011.08.03 12:09:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.07.21 10:24:55 | 000,036,352 | ---- | C] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.17 18:48:45 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011.07.16 15:19:24 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2011.07.16 15:19:24 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2011.07.16 15:19:24 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2011.07.16 15:19:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2011.07.16 15:19:24 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001

[2011.07.16 14:22:46 | 000,011,916 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011.07.16 14:22:31 | 000,011,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011.07.16 14:19:45 | 000,000,732 | ---- | C] () -- C:\Users\Jupp\AppData\Local\d3d9caps64.dat

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysWOW64\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

Kann ich denn jetzt davon ausgehen, dass das Problem behoben ist? Müssen diese Systemordner auf meiner zweiten Partition bestehen bleiben?
Und könntest du mir vielleicht noch sagen, was jetzt eigentlich genau passiert ist und wie ich so etwas in Zukunft verhindern kann?

Die Systemordner müssen da bleiben und sind normalerweise versteckt, das klären wir nachher!

Sieht ganz gut aus - kontrollieren wir alles nochmal! :)

Schritt 1: MBAM vollständig

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.04.28.04
 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Jupp :: JUPP-PC [Administrator]
 

28.04.2013 20:23:07

MBAM-log-2013-04-28 (21-48-39).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 498750

Laufzeit: 1 Stunde(n), 23 Minute(n), 16 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0
 

(Ende)

ESET läuft gerade noch und wird auch wohl ne ganze Weile dauern... ich lass es heute Nacht mal durchlaufen.

Code:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam        Win64/Patched.A trojan

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam        Win64/Patched.A trojan

C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam        Win64/Patched.A trojan

C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam        Win64/Patched.A trojan

Trojaner bei Malwarebytes? :wtf:

Hm...entweder ein false positive oder ZeroAccess hat die Dateien verändert...

Virustotal

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Durchsuchen
Kopiere nun folgendes in die Suchleiste.

Code:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam
und klicke auf Öffnen.
Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.

Zitat:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

klicke auf Reanalyse. Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier. Wiederhole die selben Schritte mit folgenden Dateien.

Code:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam

C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam

C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam

https://www.virustotal.com/de/file/03e4d4e5f4337c44f3cb2c2cb943e0984679a51f05760e90c9c3b46a47aed659/analysis/1367222187/

https://www.virustotal.com/de/file/03e4d4e5f4337c44f3cb2c2cb943e0984679a51f05760e90c9c3b46a47aed659/analysis/1367222273/

https://www.virustotal.com/de/file/03e4d4e5f4337c44f3cb2c2cb943e0984679a51f05760e90c9c3b46a47aed659/analysis/1367222367/

https://www.virustotal.com/de/file/03e4d4e5f4337c44f3cb2c2cb943e0984679a51f05760e90c9c3b46a47aed659/analysis/1367222442/

Nicht zu fassen, dieses rootkit fängt an, mir gehörig auf die Nerven zu gehen... :pfui:

Schritt 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

:FILES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam

C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam

C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam

:COMMANDS

[EMPTYTEMP]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2: adwcleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3: Neues OTL-Log

Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Wenn ich den Befehl bei otl eingebe und auf "fix " klicke, führt das zu einem systemcrash mit bluescreen :-(

Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code:

ComboFix 13-04-28.01 - Jupp 29.04.2013  14:25:26.1.4 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.2445 [GMT 2:00]

ausgeführt von:: c:\users\Jupp\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jupp\AppData\Local\1c818dfc\U

c:\users\Jupp\AppData\Local\1c818dfc\U\000000cb.@

c:\users\Jupp\AppData\Local\assembly\tmp

c:\users\Jupp\AppData\Local\TempDIR

c:\users\Jupp\AppData\Local\TempDIR\BetterInstaller.exe

c:\windows\IsUn0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-29  ))))))))))))))))))))))))))))))

.

.

2013-04-29 12:23 . 2013-04-29 12:24        --------        d-----w-        C:\32788R22FWJFW

2013-04-28 23:59 . 2013-04-28 23:59        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{547A4808-1B32-445B-A775-1F6D09A10F06}\offreg.dll

2013-04-28 19:52 . 2013-04-28 19:52        --------        d-----w-        c:\program files (x86)\ESET

2013-04-27 08:16 . 2013-02-22 07:04        182896        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll

2013-04-26 21:57 . 2012-12-16 13:31        48128        ----a-w-        c:\windows\system32\atmlib.dll

2013-04-26 21:57 . 2012-12-16 13:12        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll

2013-04-26 21:57 . 2012-12-16 11:08        368128        ----a-w-        c:\windows\system32\atmfd.dll

2013-04-26 21:57 . 2012-12-16 10:50        293376        ----a-w-        c:\windows\SysWow64\atmfd.dll

2013-04-26 11:07 . 2013-03-08 04:18        451072        ----a-w-        c:\windows\system32\winsrv.dll

2013-04-26 11:07 . 2012-11-08 04:26        1570816        ----a-w-        c:\windows\system32\quartz.dll

2013-04-26 11:07 . 2012-11-08 03:48        1314816        ----a-w-        c:\windows\SysWow64\quartz.dll

2013-04-26 11:07 . 2013-03-08 04:17        2425344        ----a-w-        c:\windows\system32\mstscax.dll

2013-04-26 11:07 . 2013-03-08 03:52        2067968        ----a-w-        c:\windows\SysWow64\mstscax.dll

2013-04-26 11:07 . 2012-11-13 01:45        2048        ----a-w-        c:\windows\system32\tzres.dll

2013-04-26 11:07 . 2012-11-13 01:29        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2013-04-26 11:04 . 2012-11-02 10:45        477696        ----a-w-        c:\windows\system32\dpnet.dll

2013-04-26 11:04 . 2012-11-02 10:45        68096        ----a-w-        c:\windows\system32\dpnathlp.dll

2013-04-26 11:04 . 2012-11-02 10:18        376320        ----a-w-        c:\windows\SysWow64\dpnet.dll

2013-04-26 11:04 . 2012-11-02 08:59        26112        ----a-w-        c:\windows\system32\dpnsvr.exe

2013-04-26 11:04 . 2012-11-02 08:26        23040        ----a-w-        c:\windows\SysWow64\dpnsvr.exe

2013-04-26 11:02 . 2013-04-17 04:31        9317456        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{547A4808-1B32-445B-A775-1F6D09A10F06}\mpengine.dll

2013-04-25 20:32 . 2013-04-25 20:32        --------        d-----w-        c:\users\Jupp\AppData\Roaming\Avira

2013-04-25 20:26 . 2013-04-26 20:28        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-04-25 20:26 . 2013-04-26 20:28        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-04-25 20:26 . 2013-04-25 20:26        --------        d-----w-        c:\programdata\Avira

2013-04-25 20:26 . 2011-12-15 13:00        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-04-24 15:45 . 2013-04-24 15:45        311200        ----a-w-        c:\windows\system32\javaws.exe

2013-04-24 15:45 . 2013-04-24 15:45        971680        ----a-w-        c:\windows\system32\deployJava1.dll

2013-04-24 15:45 . 2013-04-24 15:45        1092512        ----a-w-        c:\windows\system32\npDeployJava1.dll

2013-04-24 15:45 . 2013-04-24 15:45        108448        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2013-04-24 15:45 . 2013-04-24 15:45        188832        ----a-w-        c:\windows\system32\javaw.exe

2013-04-24 15:45 . 2013-04-24 15:45        188320        ----a-w-        c:\windows\system32\java.exe

2013-04-24 15:45 . 2013-04-24 15:45        --------        d-----w-        c:\program files\Java

2013-04-21 07:32 . 2013-04-25 20:36        --------        d-----w-        c:\users\Jupp\AppData\Roaming\Ertu

2013-04-21 07:32 . 2013-04-25 20:35        --------        d-----w-        c:\users\Jupp\AppData\Roaming\Nuyt

2013-04-21 07:32 . 2013-04-21 07:32        --------        d-----w-        c:\users\Jupp\AppData\Roaming\Siup

2013-04-19 07:58 . 2013-04-19 08:02        --------        d-----w-        c:\users\Jupp\AppData\Local\.elfohilfe

2013-04-14 20:58 . 2013-04-14 20:58        --------        d-----w-        c:\programdata\Origin

2013-04-05 09:50 . 2013-04-05 09:50        --------        d-----w-        c:\program files (x86)\AGEIA Technologies

2013-04-04 15:25 . 2013-04-04 15:25        224256        ----a-w-        c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll

2013-04-04 15:25 . 2013-04-04 15:26        --------        d-----w-        c:\program files (x86)\Mega Codec Pack

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-18 16:59 . 2012-06-11 06:24        691592        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-18 16:59 . 2012-02-21 08:53        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-04 12:50 . 2012-12-18 16:47        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-04-01 17:58 . 2006-11-02 12:35        72702784        ----a-w-        c:\windows\system32\mrt.exe

2013-03-15 05:53 . 2012-10-10 20:23        17990800        ----a-w-        c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2012-10-10 20:23        2864144        ----a-w-        c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2009-06-10 07:38        3477280        ----a-w-        c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2009-06-10 07:38        6398240        ----a-w-        c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2009-06-10 07:38        877856        ----a-w-        c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2009-06-10 07:38        63776        ----a-w-        c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2009-06-10 07:38        2555680        ----a-w-        c:\windows\system32\nvsvcr.dll

2013-03-15 04:16 . 2009-06-10 07:38        237856        ----a-w-        c:\windows\system32\nvmctray.dll

2013-03-11 23:10 . 2011-07-17 00:20        282744        ------w-        c:\windows\system32\MpSigStub.exe

2013-02-24 09:39 . 2012-05-15 06:51        21840        ----atw-        c:\windows\SysWow64\SIntfNT.dll

2013-02-24 09:39 . 2012-05-15 06:51        17212        ----atw-        c:\windows\SysWow64\SIntf32.dll

2013-02-24 09:39 . 2012-05-15 06:51        12067        ----atw-        c:\windows\SysWow64\SIntf16.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]

@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"

[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]

2013-04-04 15:25        224256        ----a-w-        c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Rainlendar2"="d:\programme\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-04-26 348664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

.

.

--------- X64 Entries -----------

.

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube Download - c:\users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Jupp\AppData\Roaming\Mozilla\Firefox\Profiles\8fnqi441.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig

FF - prefs.js: network.proxy.http - 87.98.136.60

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe

AddRemove-MechWarrior 3 - c:\windows\IsUn0407.exe

AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:72,c5,3c,b3,41,07,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,0c,0b,98,a7,19,32,49,a4,11,7a,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,0c,0b,98,a7,19,32,49,a4,11,7a,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Zeit der Fertigstellung: 2013-04-29  14:34:28

ComboFix-quarantined-files.txt  2013-04-29 12:34

.

Vor Suchlauf: 4.560.400.384 Bytes frei

Nach Suchlauf: 4.641.157.120 Bytes frei

.

- - End Of File - - FA628FFE0E3D921169C3FA0CD6B84AF7

Hast DU diesen Proxy in Firefox eingerichtet?

Zitat:

FF - prefs.js: network.proxy.http - 87.98.136.60

Öhm... keine Ahnung... nicht bewusst, denke ich. Was ist das denn? Kenne mich da überhaupt nicht mit aus.

CF-Script

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

FOLDER::

c:\users\Jupp\AppData\Roaming\Ertu

c:\users\Jupp\AppData\Roaming\Nuyt

c:\users\Jupp\AppData\Roaming\Siup

c:\users\Jupp\AppData\Local\1c818dfc

FILE::

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam

C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam

C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam

FIREFOX::

FF - ProfilePath - c:\users\Jupp\AppData\Roaming\Mozilla\Firefox\Profiles\8fnqi441.default\

FF - prefs.js: network.proxy.http - 87.98.136.60

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

CLEARJAVACACHE::

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

http://i266.photobucket.com/albums/i.../CFScriptB.gif

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code:

ComboFix 13-04-28.01 - Jupp 29.04.2013  16:08:30.2.4 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4094.2590 [GMT 2:00]

ausgeführt von:: c:\users\Jupp\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Jupp\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam"

"c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam"

"c:\users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam"

"c:\users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam

c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam

c:\users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam

c:\users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam

c:\users\Jupp\AppData\Local\1c818dfc

c:\users\Jupp\AppData\Local\1c818dfc\@

c:\users\Jupp\AppData\Roaming\Ertu

c:\users\Jupp\AppData\Roaming\Ertu\acifo.edu

c:\users\Jupp\AppData\Roaming\Ertu\acifo.tmp

c:\users\Jupp\AppData\Roaming\Nuyt

c:\users\Jupp\AppData\Roaming\Siup

c:\users\Jupp\AppData\Roaming\Siup\yzyko.ifb

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-29  ))))))))))))))))))))))))))))))

.

.

2013-04-29 14:13 . 2013-04-29 14:13        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-04-29 14:13 . 2013-04-29 14:13        --------        d-----w-        c:\users\Jupp\AppData\Local\temp

2013-04-29 14:13 . 2013-04-29 14:13        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-04-29 12:23 . 2013-04-29 14:07        --------        d-----w-        C:\32788R22FWJFW

2013-04-28 23:59 . 2013-04-28 23:59        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{547A4808-1B32-445B-A775-1F6D09A10F06}\offreg.dll

2013-04-28 19:52 . 2013-04-28 19:52        --------        d-----w-        c:\program files (x86)\ESET

2013-04-27 08:16 . 2013-02-22 07:04        182896        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll

2013-04-26 21:57 . 2012-12-16 13:31        48128        ----a-w-        c:\windows\system32\atmlib.dll

2013-04-26 21:57 . 2012-12-16 13:12        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll

2013-04-26 21:57 . 2012-12-16 11:08        368128        ----a-w-        c:\windows\system32\atmfd.dll

2013-04-26 21:57 . 2012-12-16 10:50        293376        ----a-w-        c:\windows\SysWow64\atmfd.dll

2013-04-26 11:07 . 2013-03-08 04:18        451072        ----a-w-        c:\windows\system32\winsrv.dll

2013-04-26 11:07 . 2012-11-08 04:26        1570816        ----a-w-        c:\windows\system32\quartz.dll

2013-04-26 11:07 . 2012-11-08 03:48        1314816        ----a-w-        c:\windows\SysWow64\quartz.dll

2013-04-26 11:07 . 2013-03-08 04:17        2425344        ----a-w-        c:\windows\system32\mstscax.dll

2013-04-26 11:07 . 2013-03-08 03:52        2067968        ----a-w-        c:\windows\SysWow64\mstscax.dll

2013-04-26 11:07 . 2012-11-13 01:45        2048        ----a-w-        c:\windows\system32\tzres.dll

2013-04-26 11:07 . 2012-11-13 01:29        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2013-04-26 11:04 . 2012-11-02 10:45        477696        ----a-w-        c:\windows\system32\dpnet.dll

2013-04-26 11:04 . 2012-11-02 10:45        68096        ----a-w-        c:\windows\system32\dpnathlp.dll

2013-04-26 11:04 . 2012-11-02 10:18        376320        ----a-w-        c:\windows\SysWow64\dpnet.dll

2013-04-26 11:04 . 2012-11-02 08:59        26112        ----a-w-        c:\windows\system32\dpnsvr.exe

2013-04-26 11:04 . 2012-11-02 08:26        23040        ----a-w-        c:\windows\SysWow64\dpnsvr.exe

2013-04-26 11:02 . 2013-04-17 04:31        9317456        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{547A4808-1B32-445B-A775-1F6D09A10F06}\mpengine.dll

2013-04-25 20:32 . 2013-04-25 20:32        --------        d-----w-        c:\users\Jupp\AppData\Roaming\Avira

2013-04-25 20:26 . 2013-04-26 20:28        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2013-04-25 20:26 . 2013-04-26 20:28        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2013-04-25 20:26 . 2013-04-25 20:26        --------        d-----w-        c:\programdata\Avira

2013-04-25 20:26 . 2011-12-15 13:00        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2013-04-24 15:45 . 2013-04-24 15:45        311200        ----a-w-        c:\windows\system32\javaws.exe

2013-04-24 15:45 . 2013-04-24 15:45        971680        ----a-w-        c:\windows\system32\deployJava1.dll

2013-04-24 15:45 . 2013-04-24 15:45        1092512        ----a-w-        c:\windows\system32\npDeployJava1.dll

2013-04-24 15:45 . 2013-04-24 15:45        108448        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2013-04-24 15:45 . 2013-04-24 15:45        188832        ----a-w-        c:\windows\system32\javaw.exe

2013-04-24 15:45 . 2013-04-24 15:45        188320        ----a-w-        c:\windows\system32\java.exe

2013-04-24 15:45 . 2013-04-24 15:45        --------        d-----w-        c:\program files\Java

2013-04-19 07:58 . 2013-04-19 08:02        --------        d-----w-        c:\users\Jupp\AppData\Local\.elfohilfe

2013-04-14 20:58 . 2013-04-14 20:58        --------        d-----w-        c:\programdata\Origin

2013-04-05 09:50 . 2013-04-05 09:50        --------        d-----w-        c:\program files (x86)\AGEIA Technologies

2013-04-04 15:25 . 2013-04-04 15:25        224256        ----a-w-        c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll

2013-04-04 15:25 . 2013-04-04 15:26        --------        d-----w-        c:\program files (x86)\Mega Codec Pack

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-18 16:59 . 2012-06-11 06:24        691592        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-18 16:59 . 2012-02-21 08:53        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-04 12:50 . 2012-12-18 16:47        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-04-01 17:58 . 2006-11-02 12:35        72702784        ----a-w-        c:\windows\system32\mrt.exe

2013-03-15 05:53 . 2012-10-10 20:23        17990800        ----a-w-        c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2012-10-10 20:23        2864144        ----a-w-        c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2009-06-10 07:38        3477280        ----a-w-        c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2009-06-10 07:38        6398240        ----a-w-        c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2009-06-10 07:38        877856        ----a-w-        c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2009-06-10 07:38        63776        ----a-w-        c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2009-06-10 07:38        2555680        ----a-w-        c:\windows\system32\nvsvcr.dll

2013-03-15 04:16 . 2009-06-10 07:38        237856        ----a-w-        c:\windows\system32\nvmctray.dll

2013-03-11 23:10 . 2011-07-17 00:20        282744        ------w-        c:\windows\system32\MpSigStub.exe

2013-02-24 09:39 . 2012-05-15 06:51        21840        ----atw-        c:\windows\SysWow64\SIntfNT.dll

2013-02-24 09:39 . 2012-05-15 06:51        17212        ----atw-        c:\windows\SysWow64\SIntf32.dll

2013-02-24 09:39 . 2012-05-15 06:51        12067        ----atw-        c:\windows\SysWow64\SIntf16.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]

@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"

[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]

2013-04-04 15:25        224256        ----a-w-        c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Rainlendar2"="d:\programme\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-04-26 348664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

.

.

--------- X64 Entries -----------

.

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube Download - c:\users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Jupp\AppData\Roaming\Mozilla\Firefox\Profiles\8fnqi441.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe

AddRemove-MechWarrior 3 - c:\windows\IsUn0407.exe

AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:72,c5,3c,b3,41,07,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,0c,0b,98,a7,19,32,49,a4,11,7a,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,0c,0b,98,a7,19,32,49,a4,11,7a,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Zeit der Fertigstellung: 2013-04-29  16:15:20

ComboFix-quarantined-files.txt  2013-04-29 14:15

ComboFix2.txt  2013-04-29 12:34

.

Vor Suchlauf: 4.630.216.704 Bytes frei

Nach Suchlauf: 4.479.651.840 Bytes frei

.

- - End Of File - - 419B47B4394F824EFEF0EEA5C3525F45

So, dann auf ein Neues!

Sieht ganz gut aus - kontrollieren wir alles nochmal! :)

Schritt 1: MBAM vollständig

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

OK, Malwarebytes findet nichts mehr. ESET lasse ich dann heute Nacht wieder laufen, das dauert bei mir leider ungeheuer lange.

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.04.30.02
 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Jupp :: JUPP-PC [Administrator]
 

30.04.2013 12:20:19

mbam-log-2013-04-30 (12-20-19).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 507829

Laufzeit: 1 Stunde(n), 20 Minute(n), 44 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

C:\Qoobox\Quarantine\C\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam.vir        Win64/Patched.A trojan

C:\Qoobox\Quarantine\C\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam.vir        Win64/Patched.A trojan

Prima - macht der Rechner noch Probleme oder können wir nachbereiten?

Naja,abgesehen davon,dass er gerade sehr langsam hochfährt, ist soweit alles in Ordnung :-)

Schritt 1: Security check

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 2: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3: Neues OTL-Log

Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

SecurityCheck:

Code:

 Results of screen317's Security Check version 0.99.62  

 Windows Vista Service Pack 2 x64 (UAC is enabled)  

 Internet Explorer 9  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Adobe Flash Player         11.7.700.169  

 Adobe Reader 10.1.6 Adobe Reader out of Date!  

 Mozilla Firefox (20.0.1) 
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

AdwCleaner:

Code:

# AdwCleaner v2.300 - Datei am 02/05/2013 um 13:46:27 erstellt

# Aktualisiert am 28/04/2013 von Xplode

# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)

# Benutzer : Jupp - JUPP-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Jupp\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Gelöscht mit Neustart : C:\Program Files (x86)\Conduit

Gelöscht mit Neustart : C:\Program Files (x86)\DAEMON Tools Toolbar

Gelöscht mit Neustart : C:\Users\Jupp\AppData\Local\Conduit

Gelöscht mit Neustart : C:\Users\Jupp\AppData\Local\Max Secure Software

Gelöscht mit Neustart : C:\Users\Jupp\AppData\LocalLow\PriceGong

Gelöscht mit Neustart : C:\Users\Jupp\AppData\Roaming\dvdvideosoftiehelpers
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong

Schlüssel Gelöscht : HKCU\Software\Ask&Record

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\OpenCandy

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1060933

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16476
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v20.0.1 (de)
 

Datei : C:\Users\Jupp\AppData\Roaming\Mozilla\Firefox\Profiles\8fnqi441.default\prefs.js
 

C:\Users\Jupp\AppData\Roaming\Mozilla\Firefox\Profiles\8fnqi441.default\user.js ... Gelöscht !
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[S1].txt - [2027 octets] - [02/05/2013 13:46:27]
 

########## EOF - C:\AdwCleaner[S1].txt - [2087 octets] ##########

... und OTL:

Code:

OTL logfile created on: 02.05.2013 13:58:37 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,13% Memory free

8,17 Gb Paging File | 6,51 Gb Available in Paging File | 79,72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 49,27 Gb Total Space | 4,07 Gb Free Space | 8,25% Space Free | Partition Type: NTFS

Drive D: | 416,48 Gb Total Space | 124,70 Gb Free Space | 29,94% Space Free | Partition Type: NTFS

Drive L: | 298,09 Gb Total Space | 12,62 Gb Free Space | 4,23% Space Free | Partition Type: NTFS

 

Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - D:\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - D:\Programme\Rainlendar2\Rainlendar2.exe ()

PRC - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - D:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll ()

MOD - D:\Programme\Rainlendar2\Rainlendar2.exe ()

MOD - D:\Programme\Rainlendar2\lfs.dll ()

MOD - D:\Programme\Rainlendar2\lua51.dll ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\aaCenter.exe ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\cpuutil.dll ()

MOD - C:\Windows\SysWOW64\AsIO.dll ()

MOD - C:\Program Files (x86)\ASUS\AASP\1.00.65\PowerDll.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (DAUpdaterSvc) -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()

DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()

DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)

DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\DRIVERS\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)

DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\DRIVERS\wg111v2.sys (Realtek Semiconductor Corporation                           )

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()

DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)

DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 CE C0 EE F1 41 CE 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:11:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:10:59 | 000,000,000 | ---D | M]

 

[2011.07.16 15:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Extensions

[2013.04.25 22:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\Firefox\Profiles\8fnqi441.default\extensions

[2012.12.12 05:45:36 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

[2013.02.14 06:10:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Jupp\AppData\Roaming\mozilla\firefox\profiles\8fnqi441.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013.04.12 08:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.04.12 08:11:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.08.12 20:20:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012.08.31 18:12:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.31 18:12:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.08.31 18:12:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.31 18:12:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.31 18:12:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.31 18:12:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2013.04.29 16:13:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKCU..\Run: [Rainlendar2] D:\Programme\Rainlendar2\Rainlendar2.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Jupp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254D07A-F1F5-45A1-9197-CF2292ED39CE}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21EAA53-5830-4C8A-9A84-F18B79B3AB60}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: D:\Eigene Dateien\Desktop\sin_city_by_ordinatrix-d33kebs.jpg

O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Desktop\sin_city_by_ordinatrix-d33kebs.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.29 17:04:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.04.29 16:15:22 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.04.29 16:15:22 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Local\temp

[2013.04.29 15:44:37 | 005,060,730 | R--- | C] (Swearware) -- C:\Users\Jupp\Desktop\ComboFix.exe

[2013.04.29 14:24:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.04.29 14:24:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.04.29 14:24:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.04.29 14:24:02 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.04.29 14:23:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.04.29 14:23:40 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2013.04.28 21:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013.04.27 10:19:38 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2013.04.27 10:19:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2013.04.27 10:19:30 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll

[2013.04.27 10:19:28 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2013.04.27 10:19:28 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2013.04.27 10:19:28 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2013.04.27 10:19:28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2013.04.27 10:16:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013.04.27 10:16:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013.04.27 10:16:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.04.27 10:16:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.04.27 10:16:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013.04.27 10:16:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013.04.27 10:16:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013.04.27 10:16:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013.04.27 10:16:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.04.27 10:16:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013.04.27 10:16:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013.04.27 10:16:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.04.27 10:16:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.04.27 10:16:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.04.27 10:16:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013.04.26 23:57:30 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013.04.26 23:57:30 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013.04.26 23:57:30 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013.04.26 23:57:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013.04.26 13:08:35 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013.04.26 13:08:33 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013.04.26 13:08:08 | 004,691,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013.04.26 13:08:07 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013.04.26 13:08:07 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2013.04.26 13:08:03 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys

[2013.04.26 13:08:00 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll

[2013.04.26 13:07:58 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013.04.26 13:07:57 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2013.04.26 13:07:57 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2013.04.26 13:07:19 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013.04.26 13:07:19 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013.04.26 13:04:57 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

[2013.04.26 13:04:57 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2013.04.26 13:04:57 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll

[2013.04.26 13:04:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe

[2013.04.26 13:04:57 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe

[2013.04.25 22:32:04 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Roaming\Avira

[2013.04.25 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2013.04.25 22:26:39 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2013.04.25 22:26:39 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2013.04.25 22:26:39 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2013.04.25 22:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2013.04.24 17:45:31 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013.04.24 17:45:31 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013.04.24 17:45:31 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.04.24 17:45:26 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.04.24 17:45:26 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.04.24 17:45:26 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013.04.24 17:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013.04.19 09:58:14 | 000,000,000 | ---D | C] -- C:\Users\Jupp\AppData\Local\.elfohilfe

[2013.04.14 22:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2013.04.12 08:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.04.05 11:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies

[2013.04.05 11:46:00 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2013.04.05 11:46:00 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2013.04.05 11:46:00 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2013.04.05 11:46:00 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2013.04.05 11:46:00 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2013.04.05 11:46:00 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2013.04.05 11:46:00 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2013.04.05 11:46:00 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2013.04.05 11:46:00 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2013.04.05 11:46:00 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll

[2013.04.05 11:46:00 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll

[2013.04.05 11:46:00 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2013.04.05 11:46:00 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2013.04.05 11:46:00 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2013.04.05 11:46:00 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2013.04.05 11:46:00 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2013.04.05 11:46:00 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll

[2013.04.05 11:46:00 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll

[2013.04.04 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.05.02 13:53:36 | 001,468,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.05.02 13:53:36 | 000,636,228 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.05.02 13:53:36 | 000,602,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.05.02 13:53:36 | 000,131,254 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.05.02 13:53:36 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.05.02 13:48:13 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.05.02 13:48:12 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.05.02 13:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.05.02 13:46:47 | 000,000,461 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013.05.02 13:46:04 | 000,628,743 | ---- | M] () -- C:\Users\Jupp\Desktop\adwcleaner.exe

[2013.05.02 13:41:24 | 000,890,815 | ---- | M] () -- C:\Users\Jupp\Desktop\SecurityCheck.exe

[2013.05.01 17:25:48 | 000,051,712 | ---- | M] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.04.29 16:13:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013.04.29 15:45:02 | 005,060,730 | R--- | M] (Swearware) -- C:\Users\Jupp\Desktop\ComboFix.exe

[2013.04.29 14:19:23 | 441,281,186 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013.04.27 10:59:53 | 000,375,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.04.26 22:28:11 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2013.04.26 22:28:11 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2013.04.26 11:40:53 | 000,000,020 | ---- | M] () -- C:\Users\Jupp\defogger_reenable

[2013.04.24 17:45:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013.04.24 17:45:13 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013.04.24 17:45:13 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013.04.24 17:45:13 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013.04.24 17:45:12 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013.04.24 17:45:12 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013.04.18 18:59:20 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.04.18 18:59:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.04.05 13:34:11 | 000,004,459 | ---- | M] () -- C:\Users\Jupp\.recently-used.xbel

[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.05.02 13:46:35 | 000,000,461 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat

[2013.05.02 13:46:03 | 000,628,743 | ---- | C] () -- C:\Users\Jupp\Desktop\adwcleaner.exe

[2013.05.02 13:41:24 | 000,890,815 | ---- | C] () -- C:\Users\Jupp\Desktop\SecurityCheck.exe

[2013.04.29 14:24:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.04.29 14:24:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.04.29 14:24:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.04.29 14:24:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.04.29 14:24:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.04.29 10:23:43 | 441,281,186 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013.04.27 10:19:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2013.04.27 10:19:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2013.04.26 11:40:53 | 000,000,020 | ---- | C] () -- C:\Users\Jupp\defogger_reenable

[2013.04.05 13:34:11 | 000,004,459 | ---- | C] () -- C:\Users\Jupp\.recently-used.xbel

[2013.02.10 14:19:50 | 000,000,000 | ---- | C] () -- C:\Users\Jupp\.JavaPowUpload.properties

[2012.05.15 08:51:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2012.05.15 08:51:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2012.05.15 08:51:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2012.05.15 08:45:39 | 000,030,903 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2012.05.10 16:33:31 | 000,010,818 | ---- | C] () -- C:\Windows\scunin.dat

[2012.01.23 01:44:58 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2012.01.23 01:44:58 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011.12.14 16:28:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011.12.14 16:28:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011.12.14 16:27:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011.10.12 09:56:43 | 001,489,842 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.09.11 19:11:53 | 000,000,216 | ---- | C] () -- C:\Windows\PowerReg.dat

[2011.08.07 09:03:38 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2011.08.03 12:09:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.07.21 10:24:55 | 000,051,712 | ---- | C] () -- C:\Users\Jupp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.17 18:48:45 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011.07.16 15:19:24 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2011.07.16 15:19:24 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2011.07.16 15:19:24 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2011.07.16 15:19:24 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2011.07.16 15:19:24 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2011.07.16 14:45:57 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001

[2011.07.16 14:22:46 | 000,011,916 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011.07.16 14:22:31 | 000,011,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011.07.16 14:19:45 | 000,000,732 | ---- | C] () -- C:\Users\Jupp\AppData\Local\d3d9caps64.dat

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\wbemess.dll
 

< End of report >

Code:

OTL Extras logfile created on: 02.05.2013 13:58:37 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,13% Memory free

8,17 Gb Paging File | 6,51 Gb Available in Paging File | 79,72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 49,27 Gb Total Space | 4,07 Gb Free Space | 8,25% Space Free | Partition Type: NTFS

Drive D: | 416,48 Gb Total Space | 124,70 Gb Free Space | 29,94% Space Free | Partition Type: NTFS

Drive L: | 298,09 Gb Total Space | 12,62 Gb Free Space | 4,23% Space Free | Partition Type: NTFS

 

Computer Name: JUPP-PC | User Name: Jupp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = 2A E4 C4 4A 6F BA CC 01  [binary data]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2F207C39-9FB9-4C4F-897D-7FA2B25DCD33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{4CBE5B32-79D0-4950-A083-D167FCFDE003}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{73472542-B843-4705-9A7A-A8B00061F6B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{7F8CA566-65EF-4BAE-A617-497D97B7A65A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{80CD9F8E-CD35-49D7-A9AA-223CBFBD4455}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{8F125284-834E-4382-A2E1-7216E77BA6B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{C62E848D-407E-4ECA-9DAF-46F36E1CC164}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{CAB028B3-19AD-462C-B987-2EE2CBCB2267}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{8B21D88A-0353-4977-8BCB-6A93100BDBC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"TCP Query User{7E974490-E9FC-488C-A10A-6874CAB13444}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | 

"UDP Query User{36584ACD-2DEA-4865-A9BF-41279FF731DB}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers

"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59

"DriverAgent.exe" = DriverAgent by eSupport.com

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"VLC media player" = VLC media player 2.0.5

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0

"{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi

"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Afterburner" = MSI Afterburner 2.1.0

"Avira AntiVir Desktop" = Avira Free Antivirus

"Canon iP3300 Benutzerregistrierung" = Canon iP3300 Benutzerregistrierung

"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung

"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual

"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon My Printer

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30

"CrystalDiskInfo_is1" = CrystalDiskInfo 4.2.0a

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"Diablo II" = Diablo II

"Diablo III" = Diablo III

"Earth 2140" = Earth 2140

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ElsterFormular" = ElsterFormular

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206

"Freecorder5.1" = Freecorder 5

"InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play

"LastFM_is1" = Last.fm Scrobbler 2.1.35

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"MechWarrior 3" = MechWarrior 3

"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0

"Mp3tag" = Mp3tag v2.49

"NCLauncher_GameForge" = NC Launcher (GameForge)

"NirSoft BlueScreenView" = NirSoft BlueScreenView

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"OCCT" = OCCT 4.1.1

"Rainlendar2" = Rainlendar2 (remove only)

"SpeedFan" = SpeedFan (remove only)

"Starcraft" = Starcraft

"StarCraft II" = StarCraft II

"Sudeki_is1" = Sudeki

"Tomb Raider_is1" = Tomb Raider

"Winamp" = Winamp

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinRAR archiver" = WinRAR

"YTdetect" = Yahoo! Detect

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 24.03.2013 09:51:45 | Computer Name = Jupp-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung winamp.exe, Version 5.6.3.3235, Zeitstempel 

0x4fec7b3e, fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.6161, Zeitstempel 

0x4dace5b9, Ausnahmecode 0xc0000005, Fehleroffset 0x0003b36a,  Prozess-ID 0xcbc, Anwendungsstartzeit

 01ce288fe8fe25d6.

 

Error - 24.03.2013 09:51:47 | Computer Name = Jupp-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung winamp.exe, Version 5.6.3.3235, Zeitstempel 

0x4fec7b3e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f,

 Ausnahmecode 0xc0000005, Fehleroffset 0x0002ab6e,  Prozess-ID 0xcbc, Anwendungsstartzeit

 01ce288fe8fe25d6.

 

Error - 24.03.2013 18:07:22 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 25.03.2013 02:14:29 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 26.03.2013 02:41:33 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 26.03.2013 03:54:49 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 26.03.2013 12:25:32 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 27.03.2013 02:17:30 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 28.03.2013 03:23:08 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 29.03.2013 03:00:21 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 31.03.2013 12:46:49 | Computer Name = Jupp-PC | Source = WinMgmt | ID = 10

Description = 

 

[ Media Center Events ]

Error - 16.11.2011 11:08:05 | Computer Name = Jupp-PC | Source = Media Center Guide | ID = 0

Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;

 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide
 

 

[ System Events ]

Error - 01.05.2013 10:43:38 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 01.05.2013 11:20:26 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 01.05.2013 11:20:26 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 01.05.2013 16:17:37 | Computer Name = Jupp-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = 

 

Error - 02.05.2013 00:58:20 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 02.05.2013 00:58:20 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 02.05.2013 07:18:07 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 02.05.2013 07:18:07 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 02.05.2013 07:50:16 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 02.05.2013 07:50:16 | Computer Name = Jupp-PC | Source = Service Control Manager | ID = 7026

Description = 

 

 

< End of report >

Dann sind wir durch! :)

Adobe Reader update

Dein Adobe Reader ist veraltet. Da einige Schädlinge die Schwachstellen in veralteten Versionen nutzen, werden wir sie aktualisieren.

Lade dir den aktuellen Adobe Reader von hier herunter. Wichtig: Entferne den Haken für optionale Software (z.B. Google Chrome), der auf der Seite angezeigt wird, bevor du auf "Jetzt herunterladen" klickst.
Starte die Installation und folge den Anweisungen auf dem Bildschirm.
Drücke die Windows- und die R-Taste, gib im folgenden Fenster appwiz.cpl ein und klicke auf OK.
Suche und entferne alle älteren Reader-Versionen.

Defogger re-enable

Starte bitte den Defogger und klicke den re-enable Button

ComboFix

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code:

Combofix /Uninstall

http://larusso.trojaner-board.de/Images/CFuninstall.jpg

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

OTL

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

adwCleaner

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Aktualität

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Antviren-Software

Gehe sicher immer eine Antiviren-Software installiert zu haben und dass diese auch up to date ist. Auch der beste Virenscanner ist sinnlos, wenn er nicht aktuell ist!
Eine Auswahl kostenloser Antivirenprogramme:

AVG Free Anti-Virus
Avast! Free Anti-Virus
Microsoft Security Essentials
Hinweis:MSE wird auch durch Windows Updates angeboten, falls kein Virenscanner am System erkannt wird

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner, um diesen zu AdBlockPlus hinzuzufügen, reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Sei mißtrauisch in sozialen Netzwerken (z.B. MeinVZ, Facebook, etc) - auch, wenn Nachrichten/Einträge scheinbar von einem deiner Freunde stammen, bedeutet das noch lange nicht, dass sie unschädlich sind (Malware kann seinen Rechner verseucht haben).
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

OK, vielen vielen Dank für deine Hilfe! Ich werde der Seite auf jeden Fall eine kleine Spende zukommen lassen :)

Nur noch ein paar Fragen:
1.) Wie kann ich die Systemordner wieder aus meiner zweiten Partition "verschwinden" lassen? Ist jetzt nicht schlimm, aber ich bin das halt nicht gewohnt und wenn das nur eine Sache von ein paar Mausklicks ist, würde ich das gerne rückgängig machen.
2.) Ich benutze "Avira" als Antivirenprogramm. Neuerdings erhalte ich immer eine Botschaft, ich solle doch auf die Version 2013 aktualisieren. Dabei handelt es sich, wenn ich das richtig sehe, aber um eine kostenpflichtige Version. Kann man diese Benachrichtigungen irgendwie abstellen?
3.) Fühle dich nicht verpflichtet, aber mich würde doch schon interessieren, was jetzt eigentlich mit meinem Rechner los war und wie wir das Problem gelöst haben. Ich kenne mich, wie anfangs gesagt, überhaupt nicht mit der Materie aus, mich würde es aber sehr interessieren. Wenn du also kurz Zeit hast, das in ein paar Sätzen zu erklären, wäre das klasse!

Danke noch für die Tipps, was das sichere Surfen angeht, ich werde mein System jetzt mal Stück für Stück absichern.

Dies sind Systemverzeichnisse, die normalerweise versteckt sind.

Blende erstmal versteckte und Systemdateien aus...

Windows-Explorer mit der Tastenkombination Windows-Taste + E öffnen
Organisieren anklicken
Ordner- und Suchoptionen wählen
Reiter Ansicht wählen
Dateien und Ordner
- Erweiterungen bei bekannten Dateitypen ausblenden => Haken setzen
- Geschützte Systemdateien ausblenden (empfohlen) => Haken setzen
- Immer Menü anzeigen => Haken setzen
- Laufwerkbuchstaben anzeigen => Haken setzen
- Leere Laufwerke im Ordner Computer ausblenden => Haken setzen
- Versteckte Dateien und Ordner: Ausgeblendete Dateien, Ordner und Laufwerke nicht anzeigen
- Klicke OK.

Was Antivir angeht, davon würde ich dir allgemein abraten. Der von der kostenfreien Version mitgebrachte "WebGuard" fußt nämlich auf der ask.com-toolbar - einer als adware eingestuften Freeware, die die Sicherheit deines Systems beinträchtigen kann.

Mein Tipp: Deinstalliere Antivir, nutze stattdessen Avast!.

Dein System war mit dem so genannten ZeroAccess-Rootkit infiziert. Es handelt sich dabei um einen der komplexesten Schädling in letzter Zeit. Unter anderem schützt er sich auf mehreren Wegen vor Entfernung, führt virtuelle Mausklicks auf von Kriminellen gemietete Webbanner aus, betreibt illegales Bitcoin-Mining und bindet deinen Rechner in ein Botnetz ein. Mehr Infos dazu beispielsweise in der englischen Wikipedia: ZeroAccess.

Seinen Namen hat das Teil von seiner Unart, sich im TCP-Protokollstapel zu verstecken und bei einer unsachgemäßen Entfernung diesen Protokollstapel (und damit die Netzwerk-/Internetverbindung) zu killen.

OK, nochmals besten Dank und ein schönes Wochenende! Gute Arbeit! :party:

Schön, dass wir helfen konnten! :abklatsch:

Dieses Thema scheint erledigt und wurde aus meinen Abos gelöscht.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen!