Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
RunDLL Meldung beim Start

RunDLL Meldung beim Start


Plagegeister aller Art und deren Bekämpfung: RunDLL Meldung beim Start

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.08.2012, 15:50   #1
Tim Hunter
 
RunDLL Meldung beim Start - Standard

RunDLL Meldung beim Start


Hallo Leute,
ich bekomme seit kurzem beim Start von Win7 64bit die Meldung.

RunDLL
Fehler in C:Windows / SysWOW64/rundll32.exe
Folgender Eintrag fehlt: FQ10

In einem anderen Thread wurde was von GVU mit Webcam erzählt und ich sollte hier ein neues Thema eröffnen.
Kann damit jemand was anfangen und mich aufklären?

Viele Grüße


Hier die LOGs:
Malwarebytes LOG:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tim :: TIMSPC [Administrator]

Schutz: Aktiviert

08.08.2012 16:18:39
mbam-log-2012-08-08 (16-18-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200385
Laufzeit: 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


OLT:
OTL logfile created on: 08.08.2012 16:23:00 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 65,92% Memory free
15,96 Gb Paging File | 13,03 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 8,20 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 165,95 Gb Free Space | 67,97% Space Free | Partition Type: NTFS
Drive E: | 58,30 Gb Total Space | 36,93 Gb Free Space | 63,34% Space Free | Partition Type: NTFS
Drive F: | 684,57 Gb Total Space | 25,33 Gb Free Space | 3,70% Space Free | Partition Type: NTFS
Drive G: | 2,80 Gb Total Space | 2,53 Gb Free Space | 90,26% Space Free | Partition Type: NTFS
Drive H: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 161,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 119,24 Gb Total Space | 41,60 Gb Free Space | 34,89% Space Free | Partition Type: NTFS

Computer Name: TIMSPC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlug in_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe ()
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - E:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe (Apache Software Foundation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_30 0_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- E:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- E:\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Marvell RAID) -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- E:\Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (MRUWebService) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe (Apache Software Foundation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (chdrvr03) -- C:\Windows\SysNative\drivers\chdrvr03.sys (CH Products)
DRV:64bit: - (chdrvr02) -- C:\Windows\SysNative\drivers\chdrvr02.sys (CH Products)
DRV:64bit: - (chdrvr01) -- C:\Windows\SysNative\drivers\chdrvr01.sys (CH Products)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (npusbio) -- C:\Windows\SysNative\drivers\npusbio_x64.sys ()
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MSILiveVirtualCamera) -- C:\Windows\SysNative\drivers\MSILiveVirtualCamera. sys (MSI Corporation)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 18 D3 19 8D 69 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_30 0_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_30 0_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tim\AppData\Local\Facebook\Video\Skype\np FacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.17 14:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.16 14:32:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 21:21:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.12 10:01:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Ex tensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2011.06.28 05:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2012.07.25 08:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profi les\j6lxk0e1.default\extensions
[2011.12.24 19:15:23 | 000,000,000 | ---D | M] ("GreenWebPlayer") -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profi les\j6lxk0e1.default\extensions\greenwebplayer@gre entube.com
[2012.05.21 17:55:27 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profi les\j6lxk0e1.default\extensions\ietab@ip.cn
[2012.03.21 16:03:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.01 22:58:11 | 000,226,493 | ---- | M] () (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFI LES\J6LXK0E1.DEFAULT\EXTENSIONS\SCRIPTISH@ERIKVOLD .COM.XPI
[2012.07.18 21:21:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 23:02:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 23:02:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 23:02:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 23:02:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 23:02:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 23:02:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.07.10 21:17:15 | 000,435,740 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14993 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Tim\AppData\Local\Facebook\Update\Facebo okUpdate.exe" /c /nocrashserver File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoSaveSettings = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/soft...01/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/soft...5118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{57DD0C3D-3281-4B09-B9A9-853D901C592C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.12 20:11:41 | 000,000,233 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.04.20 13:34:37 | 000,000,039 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4dac6182-4761-11e1-a2a7-6c626d41ee86}\Shell - "" = AutoRun
O33 - MountPoints2\{4dac6182-4761-11e1-a2a7-6c626d41ee86}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{bce8fe43-4f41-11e1-8743-6c626d41ee86}\Shell - "" = AutoRun
O33 - MountPoints2\{bce8fe43-4f41-11e1-8743-6c626d41ee86}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{c6ea155a-b95f-11e0-a5e6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c6ea155a-b95f-11e0-a5e6-806e6f6e6963}\Shell\AutoRun\command - "" = H:\DVDCheck.exe -- [2006.09.12 20:11:41 | 000,143,184 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{c6ea155a-b95f-11e0-a5e6-806e6f6e6963}\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\{c6ea155a-b95f-11e0-a5e6-806e6f6e6963}\Shell\setup\command - "" = H:\setup.exe -- [2006.09.12 20:11:41 | 000,265,040 | R--- | M] ()
O33 - MountPoints2\{c6ea155b-b95f-11e0-a5e6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c6ea155b-b95f-11e0-a5e6-806e6f6e6963}\Shell\AutoRun\command - "" = I:\CondorSetup.exe -- [2006.04.25 01:25:00 | 168,811,202 | R--- | M] ()
O33 - MountPoints2\{ecb02c60-4088-11e1-bc80-6c626d41ee86}\Shell - "" = AutoRun
O33 - MountPoints2\{ecb02c60-4088-11e1-bc80-6c626d41ee86}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{ecb02c75-4088-11e1-bc80-6c626d41ee86}\Shell - "" = AutoRun
O33 - MountPoints2\{ecb02c75-4088-11e1-bc80-6c626d41ee86}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrvonServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.08 16:22:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.08.08 16:16:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2012.08.08 16:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 16:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 16:16:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.04 18:54:41 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Games
[2012.07.29 20:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TOPCAT
[2012.07.29 20:36:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\TOPCAT
[2012.07.29 20:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOPCAT
[2012.07.19 20:20:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Tiaziw
[2012.07.19 20:20:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Omlaw
[2012.07.19 20:20:19 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Docii
[2012.07.19 15:06:03 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\TBlauhut
[2012.07.18 20:33:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\HiFi
[2012.07.18 20:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiFi
[2012.07.17 14:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.16 17:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX Essential
[2012.07.16 14:35:06 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.16 14:33:54 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.16 14:33:54 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.16 14:33:54 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.16 14:33:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.16 14:33:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.05.29 20:20:43 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.08 16:22:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.08 16:21:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.08.08 16:21:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4213199211-2682890403-2195737902-1000UA.job
[2012.08.08 16:21:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4213199211-2682890403-2195737902-1000Core.job
[2012.08.08 15:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.08 14:34:51 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 14:34:51 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.08 14:33:03 | 103,224,603 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.08.08 14:31:54 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.08 14:31:54 | 000,657,660 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.08 14:31:54 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.08 14:31:54 | 000,131,032 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.08 14:31:54 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.08 14:27:51 | 000,133,184 | ---- | M] () -- C:\Windows\za_mv_raid.ev
[2012.08.08 14:27:51 | 000,000,096 | ---- | M] () -- C:\Windows\za_mv_seqnum.ev
[2012.08.08 14:27:50 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.08 14:27:48 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2012.08.08 14:27:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.08 14:27:42 | 2132,148,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.07 23:35:47 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.08.07 23:35:47 | 000,063,864 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.08.07 23:35:47 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.08.07 21:35:34 | 003,980,638 | ---- | M] () -- C:\Users\Tim\Desktop\BZF1.jpg
[2012.08.07 21:35:01 | 003,769,634 | ---- | M] () -- C:\Users\Tim\Desktop\BZF2.jpg
[2012.08.04 01:32:35 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
[2012.08.02 21:45:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.02 21:45:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.30 17:08:20 | 000,210,497 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.07.16 22:52:53 | 000,000,157 | ---- | M] () -- C:\Windows\wininit.ini
[2012.07.16 17:37:03 | 000,422,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.16 17:18:39 | 000,000,689 | ---- | M] () -- C:\Users\Tim\Desktop\Downloads - Verknüpfung.lnk
[2012.07.16 17:11:12 | 000,027,520 | ---- | M] () -- C:\Users\Tim\AppData\Local\dt.dat
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.07 21:36:28 | 003,980,638 | ---- | C] () -- C:\Users\Tim\Desktop\BZF1.jpg
[2012.08.07 21:35:47 | 003,769,634 | ---- | C] () -- C:\Users\Tim\Desktop\BZF2.jpg
[2012.08.04 01:32:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad
[2012.07.28 22:15:12 | 000,000,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall WOH777ArabianSun.lnk
[2012.07.16 22:52:53 | 000,000,157 | ---- | C] () -- C:\Windows\wininit.ini
[2012.07.16 17:18:39 | 000,000,689 | ---- | C] () -- C:\Users\Tim\Desktop\Downloads - Verknüpfung.lnk
[2012.07.16 17:11:12 | 000,027,520 | ---- | C] () -- C:\Users\Tim\AppData\Local\dt.dat
[2012.02.14 18:13:54 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.01.17 00:06:54 | 000,002,048 | -HS- | C] () -- C:\Users\Tim\AppData\Local\{b9e3e66c-b011-2b5a-acda-7e7abb25d5a1}\@
[2011.10.31 22:17:45 | 000,141,352 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.09.20 00:03:16 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011.09.19 14:53:20 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\zlib1i.dll
[2011.07.06 13:46:06 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.18 21:05:22 | 000,230,400 | ---- | C] () -- C:\ProgramData\tempraw
[2011.06.18 19:48:09 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.06.18 19:48:09 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.06.18 19:48:02 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2011.06.18 19:47:28 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2011.06.17 21:32:47 | 000,000,008 | ---- | C] () -- C:\Windows\mvraidver.dat
[2011.06.17 21:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mvcli.ini
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.03.18 06:00:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:74603393

< End of report >



Was bedeutet das jetzt für mich? Es funktioniert alles wie normal. Außer, dass sich meine Desktopsymbole nach einem Neustart immer ganz links an der Seite anordnen. Das trat das erste mal etwa 2-3 Tage vor der FQ10 Meldung auf. Habe nichts umgestellt und schon alle Tipps (inkl. einem Registry Eintrag ändern etc) ausprobiert.
Kann das was damit zutun haben? Wie geht es weiter?

Vielen Dank, Tim

Alt 09.08.2012, 09:05   #2
t'john
/// Helfer-Team
 
RunDLL Meldung beim Start - Standard

RunDLL Meldung beim Start




Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_30 0_270.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found 

O4 - HKCU..\Run: [Facebook Update] "C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites) 
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.12 20:11:41 | 000,000,233 | R--- | M] () - H:\autorun.inf -- [ UDF ] 
O32 - AutoRun File - [2005.04.20 13:34:37 | 000,000,039 | R--- | M] () - I:\Autorun.inf -- [ CDFS ] 
O33 - MountPoints2\{4dac6182-4761-11e1-a2a7-6c626d41ee86}\Shell - "" = AutoRun 
O33 - MountPoints2\{4dac6182-4761-11e1-a2a7-6c626d41ee86}\Shell\AutoRun\command - "" = L:\AutoRun.exe 
O33 - MountPoints2\{bce8fe43-4f41-11e1-8743-6c626d41ee86}\Shell - "" = AutoRun 
O33 - MountPoints2\{bce8fe43-4f41-11e1-8743-6c626d41ee86}\Shell\AutoRun\command - "" = M:\AutoRun.exe 
O33 - MountPoints2\{c6ea155a-b95f-11e0-a5e6-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{c6ea155a-b95f-11e0-a5e6-806e6f6e6963}\Shell\AutoRun\command - "" = H:\DVDCheck.exe -- [2006.09.12 20:11:41 | 000,143,184 | R--- | M] (Microsoft Corp.) 
O33 - MountPoints2\{c6ea155b-b95f-11e0-a5e6-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{c6ea155b-b95f-11e0-a5e6-806e6f6e6963}\Shell\AutoRun\command - "" = I:\CondorSetup.exe -- [2006.04.25 01:25:00 | 168,811,202 | R--- | M] () 
O33 - MountPoints2\{ecb02c60-4088-11e1-bc80-6c626d41ee86}\Shell - "" = AutoRun 
O33 - MountPoints2\{ecb02c60-4088-11e1-bc80-6c626d41ee86}\Shell\AutoRun\command - "" = L:\AutoRun.exe 
O33 - MountPoints2\{ecb02c75-4088-11e1-bc80-6c626d41ee86}\Shell - "" = AutoRun 
O33 - MountPoints2\{ecb02c75-4088-11e1-bc80-6c626d41ee86}\Shell\AutoRun\command - "" = M:\AutoRun.exe 

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] 
[2012.08.04 01:32:35 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad 
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:74603393 
 
[2012.08.08 16:22:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.08 16:21:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4213199211-2682890403-2195737902-1000UA.job 
[2012.08.08 16:21:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4213199211-2682890403-2195737902-1000Core.job 
[2012.08.08 15:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.08.08 14:27:50 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.01.17 00:06:54 | 000,002,048 | -HS- | C] () -- C:\Users\Tim\AppData\Local\{b9e3e66c-b011-2b5a-acda-7e7abb25d5a1}\@ 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________
Alt 09.08.2012, 13:37   #3
Tim Hunter
 
RunDLL Meldung beim Start - Standard

RunDLL Meldung beim Start


Hi, habe ich getan.
Das Programm stürzt dann leider ab bzw. bleibt hängen. "Keine Rückmeldung" wird angezeigt und in dem Ordner befindet sich auch kein Logfile.
__________________
Alt 10.08.2012, 14:40   #4
t'john
/// Helfer-Team
 
RunDLL Meldung beim Start - Standard

RunDLL Meldung beim Start


Bitte nochmal versuchen.
__________________
Mfg, t'john
Das TB unterstützen

Alt 09.09.2012, 02:29   #5
t'john
/// Helfer-Team
 
RunDLL Meldung beim Start - Standard

RunDLL Meldung beim Start


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu RunDLL Meldung beim Start
.dll, administrator, adobe, avg, bho, bonjour, dll, erste mal, eset smart security, explorer, firefox, flash player, format, google earth, helper, home, langs, limited.com/facebook, logfile, mozilla, neustart, plug-in, programme, realtek, registry, rundll, safer networking, security, senden, software, usb, usb 3.0, win7 64bit, windows, ändern


« Bundespolizei bei Win7 | bProtector for Windows searchplugins »


Ähnliche Themen: RunDLL Meldung beim Start


  1. Fehlermeldung beim booten. RunDLL Problem beim starten von ... Das angegebene Modul wurde nicht gefunden.
    Plagegeister aller Art und deren Bekämpfung - 31.05.2016 (23)
  2. Fehlermeldung rundll - c:\program beim Start von Windows + extrem langsamer Laptop
    Plagegeister aller Art und deren Bekämpfung - 17.11.2014 (15)
  3. Fehlermeldung beim Start von Windows RunDll Modul nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.03.2014 (17)
  4. RunDll Fehlermeldung beim Start des Computers
    Plagegeister aller Art und deren Bekämpfung - 14.02.2014 (14)
  5. Fehlermeldung: RunDLL Meldung beim Systemstart
    Plagegeister aller Art und deren Bekämpfung - 29.11.2013 (7)
  6. Windows 7 HP: Firewall Fehler Code : 0x6D9 und Rundll Fehler beim Start
    Log-Analyse und Auswertung - 23.09.2013 (22)
  7. RunDLL Fehler beim Start
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (15)
  8. Meldung auf fehlende deo0_sar.exe beim Start
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (4)
  9. RunDLL Meldung beim Start
    Alles rund um Windows - 05.08.2012 (2)
  10. RunDLL Meldung "Fehler beim Laden von ...roper0dun.exe
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (4)
  11. Meldung beim Start von XP - yise.ero nicht gefunden.
    Plagegeister aller Art und deren Bekämpfung - 31.08.2010 (1)
  12. Meldung beim System start
    Antiviren-, Firewall- und andere Schutzprogramme - 25.11.2009 (40)
  13. Meldung beim Start von Windows
    Plagegeister aller Art und deren Bekämpfung - 23.03.2009 (4)
  14. Beim Start wird eine Meldung von Windows angezeigt! Virus?!
    Plagegeister aller Art und deren Bekämpfung - 18.03.2009 (0)
  15. RUNDLL Fehler beim PC Start
    Mülltonne - 15.07.2008 (0)
  16. RUNDLL Fehler beim start von win(bpnsenul.dll)
    Log-Analyse und Auswertung - 11.07.2007 (1)
  17. Error Meldung beim Start vom Explorer
    Plagegeister aller Art und deren Bekämpfung - 30.08.2006 (15)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema RunDLL Meldung beim Start - Hallo Leute, ich bekomme seit kurzem beim Start von Win7 64bit die Meldung. RunDLL Fehler in C:Windows / SysWOW64/rundll32.exe Folgender Eintrag fehlt: FQ10 In einem anderen Thread wurde was von - RunDLL Meldung beim Start...
Archiv
Du betrachtest: RunDLL Meldung beim Start auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55