
Pests of all kinds and how to fight them: Massive performance drops caused by Trojan.ADH.2?

16.12.2012, 15:02   #16
cosinus



ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
File::
c:\windows\SysWow64\~.tmp
c:\windows\SysWOW64\Drivers\X6va008
c:\windows\SysWOW64\Drivers\X6va009
c:\windows\SysWOW64\Drivers\X6va011
c:\users\Steff\AppData\Local\Temp\002474E.tmp
c:\users\Steff\AppData\Local\Temp\0033B21.tmp
c:\users\Steff\AppData\Local\Temp\005BB53.tmp
c:\users\Steff\AppData\Local\Temp\006E8C8.tmp
c:\users\Steff\AppData\Local\Temp\00714C9.tmp

Folder::
c:\windows\SysWOW64\Drivers\X6va008
c:\windows\SysWOW64\Drivers\X6va009
c:\windows\SysWOW64\Drivers\X6va011

Driver::
X6va002
X6va003
X6va005
X6va006
X6va007
X6va008
X6va009
X6va011
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Including the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

6. After the reboot (you will be asked whether you want to reboot), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other machine and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

16.12.2012, 21:31   #17
schuka
 



Hi Cosinus,

ComboFix again only ran in safe mode. I first tried it after a normal Windows start, but got a bluescreen again. With almost all of the bluescreens I saw that the cause was apparently a problem with a procexp113.sys.

But here is the CF log:

Code:
ComboFix 12-12-14.01 - Steff 16.12.2012  19:19:05.2.2 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4096.2830 [GMT 1:00]
ausgeführt von:: c:\users\Steff\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Steff\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\users\Steff\AppData\Local\Temp\002474E.tmp"
"c:\users\Steff\AppData\Local\Temp\0033B21.tmp"
"c:\users\Steff\AppData\Local\Temp\005BB53.tmp"
"c:\users\Steff\AppData\Local\Temp\006E8C8.tmp"
"c:\users\Steff\AppData\Local\Temp\00714C9.tmp"
"c:\windows\SysWow64\~.tmp"
"c:\windows\SysWOW64\Drivers\X6va008"
"c:\windows\SysWOW64\Drivers\X6va009"
"c:\windows\SysWOW64\Drivers\X6va011"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\~.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA002
-------\Legacy_X6VA003
-------\Legacy_X6VA005
-------\Legacy_X6VA006
-------\Legacy_X6VA007
-------\Legacy_X6VA008
-------\Legacy_X6VA009
-------\Legacy_X6VA011
-------\Service_X6va002
-------\Service_X6va003
-------\Service_X6va005
-------\Service_X6va006
-------\Service_X6va007
-------\Service_X6va008
-------\Service_X6va009
-------\Service_X6va011
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-16 bis 2012-12-16  ))))))))))))))))))))))))))))))
.
.
2012-12-16 18:23 . 2012-12-16 18:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-15 16:45 . 2012-11-14 01:58	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-12-15 16:40 . 2012-11-05 20:41	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-15 16:40 . 2012-11-05 20:32	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-15 16:40 . 2012-11-05 21:35	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-15 16:40 . 2012-11-05 20:32	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-15 14:59 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-15 14:59 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-15 14:57 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-15 14:54 . 2012-10-04 17:41	424960	----a-w-	c:\windows\system32\KernelBase.dll
2012-12-15 14:54 . 2012-10-04 17:41	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-12-15 14:54 . 2012-10-04 17:45	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-12-15 14:54 . 2012-10-04 15:21	338432	----a-w-	c:\windows\system32\conhost.exe
2012-12-15 14:54 . 2012-10-04 16:47	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-12-15 14:54 . 2012-10-04 14:46	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2012-12-15 14:54 . 2012-10-04 17:46	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-12-15 14:54 . 2012-10-04 17:46	243200	----a-w-	c:\windows\system32\wow64.dll
2012-12-15 14:54 . 2012-10-04 17:43	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-12-15 14:54 . 2012-10-04 17:46	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-12-15 14:54 . 2012-10-04 14:46	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2012-12-15 14:52 . 2012-10-04 14:46	2048	----a-w-	c:\windows\SysWow64\user.exe
2012-12-15 14:49 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-15 14:49 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-09 19:05 . 2012-12-09 19:05	--------	d-----w-	c:\program files (x86)\ESET
2012-12-08 17:14 . 2012-12-08 17:14	--------	d-----w-	c:\users\Steff\AppData\Local\AMD
2012-12-08 17:07 . 2012-12-08 17:07	--------	d-----w-	c:\users\Steff\AppData\Roaming\ATI
2012-12-08 17:07 . 2012-12-08 17:07	--------	d-----w-	c:\users\Steff\AppData\Local\ATI
2012-12-08 17:07 . 2012-12-08 17:07	--------	d-----w-	c:\programdata\ATI
2012-12-08 17:04 . 2012-12-08 17:04	0	----a-w-	c:\windows\ativpsrm.bin
2012-12-08 16:58 . 2012-12-08 16:58	--------	d-----w-	c:\program files (x86)\AMD AVT
2012-12-08 16:58 . 2012-12-08 16:58	--------	d-----w-	c:\program files (x86)\AMD APP
2012-12-08 16:58 . 2012-12-08 16:58	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2012-12-08 16:58 . 2012-12-08 16:58	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2012-12-08 16:52 . 2012-12-08 16:59	--------	d-----w-	c:\programdata\AMD
2012-12-08 16:52 . 2010-02-18 08:18	46136	----a-w-	c:\windows\system32\drivers\amdiox64.sys
2012-12-08 16:48 . 2012-02-23 12:32	95760	----a-w-	c:\windows\system32\drivers\AtihdW76.sys
2012-12-08 16:45 . 2012-04-06 02:00	64000	----a-w-	c:\windows\system32\coinst.dll
2012-12-08 16:45 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-12-08 16:43 . 2012-12-08 16:43	--------	d-----w-	c:\program files (x86)\ATI Technologies
2012-12-08 16:42 . 2012-12-08 16:42	--------	d-----w-	c:\program files\ATI
2012-12-08 16:38 . 2012-12-08 16:56	--------	d-----w-	c:\program files\ATI Technologies
2012-12-07 16:07 . 2012-12-07 16:17	--------	d-----w-	C:\ubcd-extracted
2012-12-06 20:09 . 2012-12-06 20:09	--------	d-----w-	c:\users\Steff\AppData\Local\Apps
2012-12-06 18:16 . 2012-12-06 18:16	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-06 18:15 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-06 18:15 . 2012-12-06 18:16	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-05 21:49 . 2009-10-29 18:28	119680	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2012-12-05 21:49 . 2009-10-29 18:28	119680	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2012-12-05 21:49 . 2009-10-29 18:28	119680	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-12-05 21:48 . 2012-12-05 22:53	--------	d-----w-	c:\program files (x86)\1&1 Surf-Stick
2012-12-05 21:24 . 2009-10-29 18:28	11776	----a-w-	c:\windows\system32\drivers\massfilter.sys
2012-12-05 21:01 . 2012-12-05 21:01	--------	d-----w-	c:\users\Steff\AppData\Local\ElevatedDiagnostics
2012-12-05 20:43 . 2012-12-05 21:24	--------	d-----w-	C:\MWconn
2012-12-05 09:29 . 2012-12-05 09:29	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-05 09:29 . 2012-12-05 09:29	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-04 23:05 . 2012-12-06 18:24	--------	d-----w-	c:\users\Steff\AppData\Roaming\dvdcss
2012-12-04 21:23 . 2012-12-04 21:23	--------	d-----w-	c:\program files\CCleaner
2012-12-04 19:54 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8129240-89A8-43F5-A40F-C3B6B44CEDFD}\mpengine.dll
2012-12-04 19:01 . 2012-12-04 19:01	--------	d-----w-	c:\users\Steff\AppData\Local\Microsoft_Corporation
2012-12-03 00:13 . 2012-12-03 00:13	289768	----a-w-	c:\windows\system32\javaws.exe
2012-12-03 00:13 . 2012-12-03 00:13	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-03 00:13 . 2012-12-03 00:13	189416	----a-w-	c:\windows\system32\javaw.exe
2012-12-03 00:13 . 2012-12-03 00:13	188904	----a-w-	c:\windows\system32\java.exe
2012-12-03 00:12 . 2012-12-03 00:12	--------	d-----w-	c:\program files\Java
2012-11-28 19:48 . 2012-11-28 19:47	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 18:29 . 2011-07-19 19:15	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-12-15 16:54 . 2009-12-13 15:37	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-03 00:13 . 2012-08-25 16:17	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-03 00:13 . 2012-08-25 16:17	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-28 19:47 . 2010-06-08 16:47	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 17:31	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:31	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:31	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 17:53	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 17:53	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 17:53	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 17:53	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-05 00:33 . 2011-09-02 13:02	233120	----a-w-	c:\windows\system32\drivers\wpshelper.sys
2012-10-04 16:40 . 2012-12-15 14:54	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 17:54	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 17:53	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 17:53	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 17:53	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 17:53	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 17:53	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 17:53	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 17:53	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 17:53	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 17:53	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 17:53	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-14 17:53	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 17:53	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-03 14120]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys [2010-10-03 22040]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 11776]
R3 massfilter_hs;massfilter_hs;c:\windows\system32\drivers\massfilter_hs.sys [2009-02-03 12800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2010-04-07 446304]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-22 1255736]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-06-02 235520]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 MWconn_Internet_0;MWconn_Internet;c:\users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe [2012-09-08 276992]
R4 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2010-09-30 253264]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-03-28 37456]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 69152]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
S3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys [2010-10-03 1293824]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: An OneNote s&enden - f:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - f:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125
FF - ProfilePath - c:\users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\
FF - prefs.js: browser.startup.homepage - hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de
FF - ExtSQL: 2012-10-24 19:47; uriloader@pdf.js; c:\users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\PnkBstrA]
"ImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\0D756077321A70C3E844C138CE981581]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="8.0.50727"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\1B5423D68BD832A4C92DC2094FA0AB6F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="1.0.3"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\2A25C978A9FF5BC4BB470BAD99A4BBA2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\BC3612A074F4AA442A9163312306FC71]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="11.0.6005"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\D026E738E39B48D47A35EBD1EB7B611B]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_ATL80.dll.97F81AF1_0E47_DC99_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2562336682C91B850AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_manifest.66332652_9C28_58B1_FF1F_C8B3B9A1E18E"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5076482617627454BA5458D4CC393B7C\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5076482617627454BA5458D4CC393B7C\6E8A266FCD4F2A1409E1C8110F44DBCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="4.20.9876"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5076482617627454BA5458D4CC393B7C\DDA39468D428E8B4DB27C8D5DC5CA217]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="4.20.9870"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6F949E36CB3004C50AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_manifest.63E949F6_03BC_5C40_FF1F_C8B3B9A1E18E"
"ComponentVersion"=""
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9818.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\2A25C978A9FF5BC4BB470BAD99A4BBA2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9818.0"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\6E8A266FCD4F2A1409E1C8110F44DBCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9876.0"
"ProductVersion"="4.20.9876"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7A17F1B46C057B443ADA6B3C75B48B69\DDA39468D428E8B4DB27C8D5DC5CA217]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7"
"ComponentVersion"="4.20.9870.0"
"ProductVersion"="4.20.9870"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\94FB7165591953C49BDA8F1D56ED52BB\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4r.dll.sxs.2E8D8EBB_CC16_45E1_BBCA_CB1ED881EDB7"
"ComponentVersion"="4.10.9404.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AB4993037846EA74FAD1A76F80E8BEBD\20EA469772190C249A71C24EDCE4EFB3]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="msxml4.dll.sxs.2E8D8EBB_CC16_45E1_BBCA_CB1ED881EDB7"
"ComponentVersion"="4.20.9818.0"
"ProductVersion"="3.4.49"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\00004119110000000000000000F01FEC]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="14.0.4763"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\1B5423D68BD832A4C92DC2094FA0AB6F]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.4053"
"ProductVersion"="1.0.3"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\2A25C978A9FF5BC4BB470BAD99A4BBA2]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\7E577B2224C65CF4E801A9E52375DB49]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="14.0.1468"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\BC3612A074F4AA442A9163312306FC71]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="11.0.6005"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\D026E738E39B48D47A35EBD1EB7B611B]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E"
"ComponentVersion"="8.0.50727.762"
"ProductVersion"="2.0.0"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\avmwlanstick\WlanNetService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-16  20:05:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-16 19:05
ComboFix2.txt  2012-12-15 14:13
.
Vor Suchlauf: 9.283.989.504 Bytes frei
Nach Suchlauf: 8.896.225.280 Bytes frei
.
- - End Of File - - 1FD566BA87549D55E74E00AA8DFBD779
         
Regards,
schuka
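One way to check a ComboFix log against the CFScript that produced it, as an added example (not part of the original posts and not ComboFix's own code). It assumes the section banners and the `-------\Legacy_` / `-------\Service_` row format seen in the log above; the function names are illustrative, and the embedded samples are short excerpts of the script and log from this thread.

```python
import re

# Excerpt of the CFScript from post #16 (a directive block starts with "Name::").
CFSCRIPT = r"""File::
c:\windows\SysWow64\~.tmp
c:\windows\SysWOW64\Drivers\X6va008
c:\users\Steff\AppData\Local\Temp\002474E.tmp

Folder::
c:\windows\SysWOW64\Drivers\X6va008

Driver::
X6va002
X6va008
"""

# Excerpt of the ComboFix log from post #17, with the same section banners.
COMBOFIX_LOG = r"""FILE ::
"c:\users\Steff\AppData\Local\Temp\002474E.tmp"
"c:\windows\SysWow64\~.tmp"
"c:\windows\SysWOW64\Drivers\X6va008"
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SysWow64\~.tmp
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_X6VA002
-------\Legacy_X6VA008
-------\Service_X6va002
-------\Service_X6va008
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-16 bis 2012-12-16  ))))))))))))))))))))))))))))))
.
"""

BANNER = re.compile(r"^\(+\s+(.*?)\s+\)+$")                # "(((   Title   )))"
DRIVER_ROW = re.compile(r"^-+\\(Legacy|Service)_(.+)$", re.IGNORECASE)


def parse_cfscript(text):
    """Return {directive: [entries]} for blocks introduced by 'Name::'."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].strip().lower()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip('"'))
    return blocks


def parse_log_sections(text):
    """Split the log into {banner title: [lines]}; '.' filler lines are dropped."""
    sections, current = {"": []}, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == ".":
            continue
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def reconcile(script_text, log_text):
    """Compare what the script targeted with what the log reports."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    deleted = {p.lower() for p in log.get("Weitere Löschungen", [])}

    # File:: and Folder:: may name the same path; keep each target once.
    targets, seen_paths = [], set()
    for path in script.get("file", []) + script.get("folder", []):
        if path.lower() not in seen_paths:
            seen_paths.add(path.lower())
            targets.append(path)

    # Collect which registration kinds (Legacy / Service) the log lists per driver.
    kinds_seen = {}
    for row in log.get("Treiber/Dienste", []):
        match = DRIVER_ROW.match(row)
        if match:
            kinds_seen.setdefault(match.group(2).lower(), set()).add(match.group(1).capitalize())
    drivers = {d: sorted(kinds_seen.get(d.lower(), set())) for d in script.get("driver", [])}

    return {
        "listed_as_deleted": [p for p in targets if p.lower() in deleted],
        "not_listed": [p for p in targets if p.lower() not in deleted],
        "drivers": drivers,
        "drivers_incomplete": [d for d, k in drivers.items() if k != ["Legacy", "Service"]],
    }


if __name__ == "__main__":
    for key, value in reconcile(CFSCRIPT, COMBOFIX_LOG).items():
        print(key, "=", value)
```

A path under `not_listed` was not reported as deleted in that run; the log alone does not say whether it was already absent beforehand.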


17.12.2012, 17:50   #18
cosinus



adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = consecutive number)
__________________

17.12.2012, 18:55   #19
schuka
 



Here is the AdwCleaner log:

Code:
# AdwCleaner v2.101 - Datei am 17/12/2012 um 18:44:33 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Steff - STEFF-MA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steff\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Steff\AppData\Local\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\prefs.js

Gefunden : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Gefunden : user_pref("surfcanyon.last_checked_ts", "1266950079401");

*************************

AdwCleaner[R1].txt - [1464 octets] - [17/12/2012 18:44:33]

########## EOF - C:\AdwCleaner[R1].txt - [1524 octets] ##########
         

17.12.2012, 19:01   #20
cosinus

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, please run a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

__________________
Please always post log files in CODE tags

17.12.2012, 21:37   #21
schuka

First, here is the AdwCleaner log:

Code:
# AdwCleaner v2.101 - Datei am 17/12/2012 um 19:29:04 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Steff - STEFF-MA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steff\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Steff\AppData\Local\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\prefs.js

C:\Users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\user.js ... Gelöscht !

Gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Gelöscht : user_pref("surfcanyon.last_checked_ts", "1266950079401");

*************************

AdwCleaner[R1].txt - [1589 octets] - [17/12/2012 18:44:33]
AdwCleaner[S1].txt - [1625 octets] - [17/12/2012 19:29:04]

########## EOF - C:\AdwCleaner[S1].txt - [1685 octets] ##########
         
The OTL.txt:

Code:
OTL logfile created on: 17.12.2012 19:57:45 - Run 3
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Steff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,55% Memory free
12,00 Gb Paging File | 10,95 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 8,35 Gb Free Space | 17,10% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 364,48 Gb Free Space | 87,42% Space Free | Partition Type: NTFS
 
Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steff\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- F:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (MWconn_Internet_0) -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe (Markus B. Weber)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusb4) -- C:\Windows\SysNative\drivers\fwlanusb4.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (HPFXBULKLEDM) -- C:\Windows\SysNative\drivers\hppdbulkio.sys (Hewlett Packard)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 CB 4B 4F F9 52 CD 01  [binary data]
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{1AF41FAE-9D21-4366-826A-B4D4EE5C707E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{569460E1-53C7-40CE-9C27-FC64A9748B60}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{71E25C20-4EBF-4F85-9B05-F431EBF137E4}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{96C96071-89F1-426C-8D0E-261D9445B8D8}: "URL" = hxxp://www.medinfo.de/such.asp?suche={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{D9C1E630-19F7-4C8A-8875-9BD5BA8D18B7}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{FC7ED99B-EE71-4916-8E51-051D9F74CBA7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: F:\Programme\Firefox\components [2012.12.08 08:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: F:\Programme\Firefox\plugins [2012.12.04 22:09:28 | 000,000,000 | ---D | M]
 
[2009.12.14 14:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Extensions
[2012.12.15 22:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions
[2012.11.21 20:47:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.13 17:27:48 | 000,548,003 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi
[2012.12.10 07:26:25 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.15 22:07:44 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
 
O1 HOSTS File: ([2012.12.16 19:30:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\windows\SysNative\mqrt.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429285335-830603302-2756050950-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.17 17:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012.12.17 15:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.12.16 20:59:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.16 20:06:05 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.16 19:18:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.12.16 19:18:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.16 19:10:35 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\Steff\Desktop\ComboFix.exe
[2012.12.15 17:46:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.12.15 17:46:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.12.15 17:46:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.12.15 17:46:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.12.15 17:46:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.12.15 17:46:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.12.15 17:46:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.12.15 17:46:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.12.15 17:45:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.12.15 17:45:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.12.15 17:45:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.12.15 17:45:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.12.15 17:45:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.12.15 17:45:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.12.15 17:45:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.12.15 17:40:13 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.15 17:40:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.15 17:40:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.15 17:40:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.15 15:54:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.12.15 15:54:34 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.12.15 15:54:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.12.15 15:54:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.12.15 15:54:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.12.15 15:54:07 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.12.15 15:54:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.12.15 15:54:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.12.15 15:54:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.12.15 15:54:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.12.15 15:53:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.12.15 15:53:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.12.15 15:53:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.15 15:53:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.15 15:53:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.15 15:53:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.15 15:53:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.15 15:53:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.15 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.15 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.15 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.15 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.15 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.15 15:53:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.15 15:53:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.15 15:53:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.15 15:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.15 15:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.15 15:53:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.15 15:53:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.15 15:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.15 15:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.15 15:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.15 15:53:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.15 15:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.15 15:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.15 15:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.15 15:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.15 15:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.15 15:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.15 15:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.15 15:53:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.15 15:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.15 15:53:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.15 15:53:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.15 15:53:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.15 15:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.15 15:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.15 15:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.15 15:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.15 15:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.15 15:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.15 15:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.15 15:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.15 15:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.15 15:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.15 15:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.15 15:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.15 15:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.15 15:53:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.15 15:53:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.15 15:53:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.15 15:53:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.15 15:53:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.15 15:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.15 15:53:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.15 15:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.15 15:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.15 15:52:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.12.15 15:49:50 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012.12.15 15:49:47 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012.12.14 01:46:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Steff\Documents\Trojaner-Board
[2012.12.13 17:48:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steff\Desktop\tdsskiller.exe
[2012.12.13 17:46:24 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Steff\Desktop\aswMBR.exe
[2012.12.09 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.09 20:03:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:14:12 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\AMD
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.08 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.12.08 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.12.08 17:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.12.08 17:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.12.08 17:52:15 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdiox64.sys
[2012.12.08 17:48:15 | 000,095,760 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\AtihdW76.sys
[2012.12.08 17:45:59 | 000,064,000 | ---- | C] (AMD) -- C:\windows\SysNative\coinst.dll
[2012.12.08 17:45:51 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll
[2012.12.08 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.12.08 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.12.08 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.12.07 17:07:25 | 000,000,000 | ---D | C] -- C:\ubcd-extracted
[2012.12.06 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Apps
[2012.12.06 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.06 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 19:15:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.06 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.05 22:49:55 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.12.05 22:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.12.05 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick
[2012.12.05 22:24:00 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys
[2012.12.05 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ElevatedDiagnostics
[2012.12.05 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn
[2012.12.05 21:43:59 | 000,000,000 | ---D | C] -- C:\MWconn
[2012.12.05 10:29:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:24 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.05 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\dvdcss
[2012.12.04 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.04 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.04 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Microsoft_Corporation
[2012.12.03 01:13:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:07 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:07 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.03 01:05:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.28 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.28 20:48:04 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.17 19:44:23 | 000,013,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 19:44:23 | 000,013,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 19:40:51 | 000,771,422 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.12.17 19:40:51 | 000,712,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.12.17 19:40:51 | 000,173,950 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.12.17 19:40:51 | 000,141,670 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.12.17 19:40:50 | 001,794,346 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.12.17 19:35:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.17 19:34:49 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.17 18:42:03 | 000,547,175 | ---- | M] () -- C:\Users\Steff\Desktop\adwcleaner.exe
[2012.12.16 19:30:08 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012.12.16 19:08:14 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\Steff\Desktop\ComboFix.exe
[2012.12.16 18:53:09 | 000,077,473 | ---- | M] () -- C:\Users\Steff\Desktop\CF-Fehlermeldung.JPG
[2012.12.15 22:03:29 | 000,426,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.13 17:49:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steff\Desktop\tdsskiller.exe
[2012.12.13 17:47:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Steff\Desktop\aswMBR.exe
[2012.12.13 17:37:44 | 000,080,384 | ---- | M] () -- C:\Users\Steff\Desktop\MBRCheck.exe
[2012.12.10 03:48:51 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.12.09 20:04:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:04:03 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:36:26 | 000,007,640 | ---- | M] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg
[2012.12.07 23:05:34 | 000,000,982 | ---- | M] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.07 19:35:24 | 000,196,608 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.12.06 19:16:09 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | M] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:49:41 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | M] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.05 10:29:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.04 22:50:44 | 000,129,062 | ---- | M] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.03 01:13:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:13:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.03 01:13:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.11.28 20:47:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.11.28 20:47:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.17 18:41:50 | 000,547,175 | ---- | C] () -- C:\Users\Steff\Desktop\adwcleaner.exe
[2012.12.16 18:53:09 | 000,077,473 | ---- | C] () -- C:\Users\Steff\Desktop\CF-Fehlermeldung.JPG
[2012.12.13 17:37:41 | 000,080,384 | ---- | C] () -- C:\Users\Steff\Desktop\MBRCheck.exe
[2012.12.10 03:40:00 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.12.08 18:04:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysNative\ativvsvl.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysNative\ativvsva.dat
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysWow64\atiapfxx.blb
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysNative\atipblag.dat
[2012.12.08 17:44:20 | 000,038,159 | ---- | C] () -- C:\windows\atiogl.xml
[2012.12.07 20:49:59 | 000,000,982 | ---- | C] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.06 19:16:09 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | C] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:48:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | C] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.04 22:50:28 | 000,129,062 | ---- | C] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.08 13:19:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.09.08 13:19:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.09.08 13:19:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.09.08 13:19:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.09.08 13:19:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.09.08 12:51:20 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2012.07.11 20:53:55 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2011.11.06 23:51:14 | 000,233,960 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.07.19 20:16:50 | 001,817,500 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.06.07 19:46:48 | 000,025,762 | ---- | C] () -- C:\Users\Steff\RB001.REZ
[2010.02.07 22:21:11 | 000,002,528 | ---- | C] () -- C:\Users\Steff\AppData\Roaming\$_hpcst$.hpc
[2009.12.24 00:12:02 | 000,007,640 | ---- | C] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg

< End of report >
         
And the Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 17.12.2012 19:57:45 - Run 3
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Steff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,55% Memory free
12,00 Gb Paging File | 10,95 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 8,35 Gb Free Space | 17,10% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 364,48 Gb Free Space | 87,42% Space Free | Partition Type: NTFS
 
Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 Free
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PokerStars.eu" = PokerStars.eu
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2012 02:13:50 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 24.02.2012 12:52:01 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 26.02.2012 14:47:02 | Computer Name = Steff-MA | Source = Windows Backup | ID = 4103
Description = 
 
Error - 29.02.2012 14:18:56 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 01.03.2012 12:12:38 | Computer Name = Steff-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d9c    Startzeit: 
01ccf7c5f11941a0    Endzeit: 59    Anwendungspfad: F:\Programme\Firefox\firefox.exe    Berichts-ID:
 55db3351-63b9-11e1-9d46-92e9f08d5159  
 
Error - 01.03.2012 15:07:00 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 04.03.2012 18:43:29 | Computer Name = Steff-MA | Source = Windows Backup | ID = 4103
Description = 
 
Error - 04.03.2012 18:44:34 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 07.03.2012 02:36:33 | Computer Name = Steff-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b10    Startzeit: 
01ccfc2becd87dd0    Endzeit: 70    Anwendungspfad: F:\Programme\Firefox\firefox.exe    Berichts-ID:
 dcd10411-681f-11e1-a445-fddd4e01c7b5  
 
Error - 11.03.2012 14:00:00 | Computer Name = Steff-MA | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 14:36:49 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Uim_IM
 
Error - 17.12.2012 14:40:11 | Computer Name = Steff-MA | Source = bowser | ID = 8003
Description = 
 
Error - 17.12.2012 14:41:50 | Computer Name = Steff-MA | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         

Alt 17.12.2012, 21:40   #22
schuka
 



Here, first, is the AdwCleaner log:

Code:
# AdwCleaner v2.101 - Datei am 17/12/2012 um 19:29:04 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Steff - STEFF-MA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steff\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Steff\AppData\Local\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\prefs.js

C:\Users\Steff\AppData\Roaming\Mozilla\Firefox\Profiles\kzdb1hmh.default\user.js ... Gelöscht !

Gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Gelöscht : user_pref("surfcanyon.last_checked_ts", "1266950079401");

*************************

AdwCleaner[R1].txt - [1589 octets] - [17/12/2012 18:44:33]
AdwCleaner[S1].txt - [1625 octets] - [17/12/2012 19:29:04]

########## EOF - C:\AdwCleaner[S1].txt - [1685 octets] ##########
         
The OTL.txt:

Code:
OTL logfile created on: 17.12.2012 19:57:45 - Run 3
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Steff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,55% Memory free
12,00 Gb Paging File | 10,95 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 8,35 Gb Free Space | 17,10% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 364,48 Gb Free Space | 87,42% Space Free | Partition Type: NTFS
 
Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steff\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- F:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (MWconn_Internet_0) -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe (Markus B. Weber)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusb4) -- C:\Windows\SysNative\drivers\fwlanusb4.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (HPFXBULKLEDM) -- C:\Windows\SysNative\drivers\hppdbulkio.sys (Hewlett Packard)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 CB 4B 4F F9 52 CD 01  [binary data]
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{1AF41FAE-9D21-4366-826A-B4D4EE5C707E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{569460E1-53C7-40CE-9C27-FC64A9748B60}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{71E25C20-4EBF-4F85-9B05-F431EBF137E4}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{96C96071-89F1-426C-8D0E-261D9445B8D8}: "URL" = hxxp://www.medinfo.de/such.asp?suche={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{D9C1E630-19F7-4C8A-8875-9BD5BA8D18B7}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{FC7ED99B-EE71-4916-8E51-051D9F74CBA7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: F:\Programme\Firefox\components [2012.12.08 08:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: F:\Programme\Firefox\plugins [2012.12.04 22:09:28 | 000,000,000 | ---D | M]
 
[2009.12.14 14:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Extensions
[2012.12.15 22:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions
[2012.11.21 20:47:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.13 17:27:48 | 000,548,003 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi
[2012.12.10 07:26:25 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.15 22:07:44 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
 
O1 HOSTS File: ([2012.12.16 19:30:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\windows\SysNative\mqrt.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429285335-830603302-2756050950-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.17 17:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012.12.17 15:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.12.16 20:59:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.16 20:06:05 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.16 19:18:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.12.16 19:18:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.16 19:10:35 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\Steff\Desktop\ComboFix.exe
[2012.12.15 17:46:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.12.15 17:46:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.12.15 17:46:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.12.15 17:46:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.12.15 17:46:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.12.15 17:46:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.12.15 17:46:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.12.15 17:46:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.12.15 17:45:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.12.15 17:45:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.12.15 17:45:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.12.15 17:45:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.12.15 17:45:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.12.15 17:45:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.12.15 17:45:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.12.15 17:40:13 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.15 17:40:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.15 17:40:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.15 17:40:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.15 15:54:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.12.15 15:54:34 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.12.15 15:54:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.12.15 15:54:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.12.15 15:54:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.12.15 15:54:07 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.12.15 15:54:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.12.15 15:54:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.12.15 15:54:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.12.15 15:54:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.12.15 15:53:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.12.15 15:53:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.12.15 15:53:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.15 15:53:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.15 15:53:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.15 15:53:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.15 15:53:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.15 15:53:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.15 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.15 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.15 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.15 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.15 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.15 15:53:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.15 15:53:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.15 15:53:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.15 15:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.15 15:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.15 15:53:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.15 15:53:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.15 15:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.15 15:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.15 15:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.15 15:53:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.15 15:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.15 15:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.15 15:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.15 15:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.15 15:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.15 15:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.15 15:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.15 15:53:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.15 15:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.15 15:53:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.15 15:53:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.15 15:53:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.15 15:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.15 15:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.15 15:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.15 15:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.15 15:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.15 15:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.15 15:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.15 15:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.15 15:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.15 15:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.15 15:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.15 15:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.15 15:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.15 15:53:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.15 15:53:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.15 15:53:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.15 15:53:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.15 15:53:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.15 15:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.15 15:53:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.15 15:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.15 15:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.15 15:52:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.12.15 15:49:50 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012.12.15 15:49:47 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012.12.14 01:46:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Steff\Documents\Trojaner-Board
[2012.12.13 17:48:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steff\Desktop\tdsskiller.exe
[2012.12.13 17:46:24 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Steff\Desktop\aswMBR.exe
[2012.12.09 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.09 20:03:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:14:12 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\AMD
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.08 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.12.08 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.12.08 17:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.12.08 17:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.12.08 17:52:15 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdiox64.sys
[2012.12.08 17:48:15 | 000,095,760 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\AtihdW76.sys
[2012.12.08 17:45:59 | 000,064,000 | ---- | C] (AMD) -- C:\windows\SysNative\coinst.dll
[2012.12.08 17:45:51 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll
[2012.12.08 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.12.08 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.12.08 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.12.07 17:07:25 | 000,000,000 | ---D | C] -- C:\ubcd-extracted
[2012.12.06 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Apps
[2012.12.06 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.06 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 19:15:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.06 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.05 22:49:55 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.12.05 22:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.12.05 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick
[2012.12.05 22:24:00 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys
[2012.12.05 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ElevatedDiagnostics
[2012.12.05 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn
[2012.12.05 21:43:59 | 000,000,000 | ---D | C] -- C:\MWconn
[2012.12.05 10:29:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:24 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.05 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\dvdcss
[2012.12.04 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.04 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.04 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Microsoft_Corporation
[2012.12.03 01:13:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:07 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:07 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.03 01:05:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.28 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.28 20:48:04 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.17 19:44:23 | 000,013,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 19:44:23 | 000,013,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 19:40:51 | 000,771,422 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.12.17 19:40:51 | 000,712,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.12.17 19:40:51 | 000,173,950 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.12.17 19:40:51 | 000,141,670 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.12.17 19:40:50 | 001,794,346 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.12.17 19:35:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.17 19:34:49 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.17 18:42:03 | 000,547,175 | ---- | M] () -- C:\Users\Steff\Desktop\adwcleaner.exe
[2012.12.16 19:30:08 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012.12.16 19:08:14 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\Steff\Desktop\ComboFix.exe
[2012.12.16 18:53:09 | 000,077,473 | ---- | M] () -- C:\Users\Steff\Desktop\CF-Fehlermeldung.JPG
[2012.12.15 22:03:29 | 000,426,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.13 17:49:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steff\Desktop\tdsskiller.exe
[2012.12.13 17:47:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Steff\Desktop\aswMBR.exe
[2012.12.13 17:37:44 | 000,080,384 | ---- | M] () -- C:\Users\Steff\Desktop\MBRCheck.exe
[2012.12.10 03:48:51 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.12.09 20:04:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:04:03 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:36:26 | 000,007,640 | ---- | M] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg
[2012.12.07 23:05:34 | 000,000,982 | ---- | M] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.07 19:35:24 | 000,196,608 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.12.06 19:16:09 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | M] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:49:41 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | M] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.05 10:29:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.04 22:50:44 | 000,129,062 | ---- | M] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.03 01:13:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:13:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.03 01:13:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.11.28 20:47:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.11.28 20:47:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.17 18:41:50 | 000,547,175 | ---- | C] () -- C:\Users\Steff\Desktop\adwcleaner.exe
[2012.12.16 18:53:09 | 000,077,473 | ---- | C] () -- C:\Users\Steff\Desktop\CF-Fehlermeldung.JPG
[2012.12.13 17:37:41 | 000,080,384 | ---- | C] () -- C:\Users\Steff\Desktop\MBRCheck.exe
[2012.12.10 03:40:00 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.12.08 18:04:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysNative\ativvsvl.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysNative\ativvsva.dat
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysWow64\atiapfxx.blb
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysNative\atipblag.dat
[2012.12.08 17:44:20 | 000,038,159 | ---- | C] () -- C:\windows\atiogl.xml
[2012.12.07 20:49:59 | 000,000,982 | ---- | C] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.06 19:16:09 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | C] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:48:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | C] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.04 22:50:28 | 000,129,062 | ---- | C] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.08 13:19:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.09.08 13:19:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.09.08 13:19:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.09.08 13:19:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.09.08 13:19:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.09.08 12:51:20 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2012.07.11 20:53:55 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2011.11.06 23:51:14 | 000,233,960 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.07.19 20:16:50 | 001,817,500 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.06.07 19:46:48 | 000,025,762 | ---- | C] () -- C:\Users\Steff\RB001.REZ
[2010.02.07 22:21:11 | 000,002,528 | ---- | C] () -- C:\Users\Steff\AppData\Roaming\$_hpcst$.hpc
[2009.12.24 00:12:02 | 000,007,640 | ---- | C] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg

< End of report >
         
And the Extras.txt:

Code:
OTL Extras logfile created on: 17.12.2012 19:57:45 - Run 3
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Steff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,55% Memory free
12,00 Gb Paging File | 10,95 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 8,35 Gb Free Space | 17,10% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 364,48 Gb Free Space | 87,42% Space Free | Partition Type: NTFS
 
Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 Free
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PokerStars.eu" = PokerStars.eu
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2012 02:13:50 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 24.02.2012 12:52:01 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 26.02.2012 14:47:02 | Computer Name = Steff-MA | Source = Windows Backup | ID = 4103
Description = 
 
Error - 29.02.2012 14:18:56 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 01.03.2012 12:12:38 | Computer Name = Steff-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d9c    Startzeit: 
01ccf7c5f11941a0    Endzeit: 59    Anwendungspfad: F:\Programme\Firefox\firefox.exe    Berichts-ID:
 55db3351-63b9-11e1-9d46-92e9f08d5159  
 
Error - 01.03.2012 15:07:00 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 04.03.2012 18:43:29 | Computer Name = Steff-MA | Source = Windows Backup | ID = 4103
Description = 
 
Error - 04.03.2012 18:44:34 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 07.03.2012 02:36:33 | Computer Name = Steff-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b10    Startzeit: 
01ccfc2becd87dd0    Endzeit: 70    Anwendungspfad: F:\Programme\Firefox\firefox.exe    Berichts-ID:
 dcd10411-681f-11e1-a445-fddd4e01c7b5  
 
Error - 11.03.2012 14:00:00 | Computer Name = Steff-MA | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 11:34:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.12.2012 14:36:49 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Uim_IM
 
Error - 17.12.2012 14:40:11 | Computer Name = Steff-MA | Source = bowser | ID = 8003
Description = 
 
Error - 17.12.2012 14:41:50 | Computer Name = Steff-MA | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         

17.12.2012, 23:40   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the content of the code box into the text box.
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
:Files
C:\Users\Steff\RB001.REZ
C:\scu.dat
C:\windows\atiogl.xml
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Please close all programs now.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.
__________________
Please always post log files in CODE tags

18.12.2012, 11:31   #24
schuka
 

Here is the content of the log after the fix:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== FILES ==========
C:\Users\Steff\RB001.REZ moved successfully.
C:\scu.dat moved successfully.
C:\windows\atiogl.xml moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Steff\Desktop\cmd.bat deleted successfully.
C:\Users\Steff\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Steff
->Temp folder emptied: 33051 bytes
->Temporary Internet Files folder emptied: 108159 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74400792 bytes
->Flash cache emptied: 939 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 71,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.2 log created on 12182012_112025

Files\Folders moved on Reboot...
C:\Users\Steff\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 18.12.2012, 22:15   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



A control scan with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

Alt 19.12.2012, 09:52   #27
schuka
 



Here are the control logs:

OTL.txt:

Code:
OTL logfile created on: 19.12.2012 08:21:44 - Run 4
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Steff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,48% Memory free
12,00 Gb Paging File | 10,92 Gb Available in Paging File | 90,97% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 8,43 Gb Free Space | 17,26% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 364,48 Gb Free Space | 87,42% Space Free | Partition Type: NTFS
 
Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steff\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- F:\Programme\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (MWconn_Internet_0) -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe (Markus B. Weber)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (fwlanusb4) -- C:\Windows\SysNative\drivers\fwlanusb4.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (HPFXBULKLEDM) -- C:\Windows\SysNative\drivers\hppdbulkio.sys (Hewlett Packard)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ZTEusbwwan) -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys (ZTE Incorporated)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121204.019\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 CB 4B 4F F9 52 CD 01  [binary data]
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{1AF41FAE-9D21-4366-826A-B4D4EE5C707E}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{569460E1-53C7-40CE-9C27-FC64A9748B60}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{71E25C20-4EBF-4F85-9B05-F431EBF137E4}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{96C96071-89F1-426C-8D0E-261D9445B8D8}: "URL" = hxxp://www.medinfo.de/such.asp?suche={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{D9C1E630-19F7-4C8A-8875-9BD5BA8D18B7}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{FB0FFBA3-CD1B-4B91-96B6-3363F29DE276}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\..\SearchScopes\{FC7ED99B-EE71-4916-8E51-051D9F74CBA7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-429285335-830603302-2756050950-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://connect.koramgame.com/?act=login.facebook&u=102026&u2=facebook&ref=hxxp://ath.koramgame.com/de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.1
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: F:\Programme\Firefox\components [2012.12.08 08:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: F:\Programme\Firefox\plugins [2012.12.04 22:09:28 | 000,000,000 | ---D | M]
 
[2009.12.14 14:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Extensions
[2012.12.15 22:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions
[2012.11.21 20:47:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steff\AppData\Roaming\mozilla\Firefox\Profiles\kzdb1hmh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.13 17:27:48 | 000,548,003 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\uriloader@pdf.js.xpi
[2012.12.10 07:26:25 | 000,347,581 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.12.15 22:07:44 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Steff\AppData\Roaming\mozilla\firefox\profiles\kzdb1hmh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
 
O1 HOSTS File: ([2012.12.18 11:21:29 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\windows\SysNative\mqrt.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429285335-830603302-2756050950-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A73D4D-EF01-4EB1-9801-06804A83D8D3}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.18 11:20:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.17 17:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012.12.17 15:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.12.16 20:59:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.16 20:06:05 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.16 19:18:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.12.16 19:18:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.16 19:10:35 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\Steff\Desktop\ComboFix.exe
[2012.12.15 17:46:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.12.15 17:46:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.12.15 17:46:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.12.15 17:46:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.12.15 17:46:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.12.15 17:46:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.12.15 17:46:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.12.15 17:46:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.12.15 17:45:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.12.15 17:45:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.12.15 17:45:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.12.15 17:45:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.12.15 17:45:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.12.15 17:45:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.12.15 17:45:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.12.15 17:40:13 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.15 17:40:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.15 17:40:09 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.15 17:40:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.15 15:54:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.12.15 15:54:34 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.12.15 15:54:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.12.15 15:54:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.12.15 15:54:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.12.15 15:54:07 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.12.15 15:54:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.12.15 15:54:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.12.15 15:54:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.12.15 15:54:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.12.15 15:53:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.12.15 15:53:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.12.15 15:53:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.15 15:53:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.15 15:53:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.15 15:53:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.15 15:53:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.15 15:53:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.15 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.15 15:53:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.15 15:53:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.15 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.15 15:53:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.15 15:53:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.15 15:53:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.15 15:53:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.15 15:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.15 15:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.15 15:53:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.15 15:53:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.15 15:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.15 15:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.15 15:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.15 15:53:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.15 15:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.15 15:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.15 15:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.15 15:53:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.15 15:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.15 15:53:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.15 15:53:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.15 15:53:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.15 15:53:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.15 15:53:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.15 15:53:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.15 15:53:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.15 15:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.15 15:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.15 15:53:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.15 15:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.15 15:53:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.15 15:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.15 15:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.15 15:53:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.15 15:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.15 15:53:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.15 15:53:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.15 15:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.15 15:53:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.15 15:53:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.15 15:53:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.15 15:53:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.15 15:53:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.15 15:53:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.15 15:53:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.15 15:53:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.15 15:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.15 15:53:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.15 15:52:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.12.15 15:49:50 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012.12.15 15:49:47 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012.12.14 01:46:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Steff\Documents\Trojaner-Board
[2012.12.13 17:48:34 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steff\Desktop\tdsskiller.exe
[2012.12.13 17:46:24 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Steff\Desktop\aswMBR.exe
[2012.12.09 20:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.12.09 20:03:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:14:12 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\AMD
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ATI
[2012.12.08 18:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.08 17:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.12.08 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.12.08 17:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.12.08 17:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.12.08 17:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.12.08 17:52:15 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdiox64.sys
[2012.12.08 17:48:15 | 000,095,760 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\AtihdW76.sys
[2012.12.08 17:45:59 | 000,064,000 | ---- | C] (AMD) -- C:\windows\SysNative\coinst.dll
[2012.12.08 17:45:51 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\windows\SysNative\ATIDEMGX.dll
[2012.12.08 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.12.08 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.12.08 17:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.12.07 17:07:25 | 000,000,000 | ---D | C] -- C:\ubcd-extracted
[2012.12.06 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Apps
[2012.12.06 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.06 19:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 19:15:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.06 19:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.05 22:49:55 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbser6k.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbnmea.sys
[2012.12.05 22:49:54 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.12.05 22:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.12.05 22:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1&1 Surf-Stick
[2012.12.05 22:24:00 | 000,011,776 | ---- | C] (ZTE Incorporated) -- C:\windows\SysNative\drivers\massfilter.sys
[2012.12.05 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\ElevatedDiagnostics
[2012.12.05 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn
[2012.12.05 21:43:59 | 000,000,000 | ---D | C] -- C:\MWconn
[2012.12.05 10:29:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:24 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.05 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Roaming\dvdcss
[2012.12.04 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.04 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.04 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Steff\AppData\Local\Microsoft_Corporation
[2012.12.03 01:13:18 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:07 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:07 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:07 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.03 01:05:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.28 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.28 20:48:04 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.19 08:09:55 | 000,013,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 08:09:55 | 000,013,472 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 08:07:17 | 001,794,346 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.12.19 08:07:17 | 000,771,422 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.12.19 08:07:17 | 000,712,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.12.19 08:07:17 | 000,173,950 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.12.19 08:07:17 | 000,141,670 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.12.19 08:00:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.19 08:00:38 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.18 11:21:29 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012.12.17 18:42:03 | 000,547,175 | ---- | M] () -- C:\Users\Steff\Desktop\adwcleaner.exe
[2012.12.16 19:08:14 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\Steff\Desktop\ComboFix.exe
[2012.12.16 18:53:09 | 000,077,473 | ---- | M] () -- C:\Users\Steff\Desktop\CF-Fehlermeldung.JPG
[2012.12.15 22:03:29 | 000,426,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.13 17:49:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steff\Desktop\tdsskiller.exe
[2012.12.13 17:47:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Steff\Desktop\aswMBR.exe
[2012.12.13 17:37:44 | 000,080,384 | ---- | M] () -- C:\Users\Steff\Desktop\MBRCheck.exe
[2012.12.09 20:04:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steff\Desktop\esetsmartinstaller_deu.exe
[2012.12.08 18:04:03 | 000,000,000 | ---- | M] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:36:26 | 000,007,640 | ---- | M] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg
[2012.12.07 23:05:34 | 000,000,982 | ---- | M] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.07 19:35:24 | 000,196,608 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012.12.06 19:16:09 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | M] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:49:41 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | M] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.05 10:29:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.05 10:29:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.04 22:50:44 | 000,129,062 | ---- | M] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.03 01:13:02 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2012.12.03 01:13:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.12.03 01:13:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.12.03 01:13:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.12.03 01:13:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.12.03 01:13:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.11.28 20:47:55 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\npdeployJava1.dll
[2012.11.28 20:47:55 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.17 18:41:50 | 000,547,175 | ---- | C] () -- C:\Users\Steff\Desktop\adwcleaner.exe
[2012.12.16 18:53:09 | 000,077,473 | ---- | C] () -- C:\Users\Steff\Desktop\CF-Fehlermeldung.JPG
[2012.12.13 17:37:41 | 000,080,384 | ---- | C] () -- C:\Users\Steff\Desktop\MBRCheck.exe
[2012.12.08 18:04:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012.12.08 17:45:58 | 000,204,952 | ---- | C] () -- C:\windows\SysNative\ativvsvl.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012.12.08 17:45:57 | 000,157,144 | ---- | C] () -- C:\windows\SysNative\ativvsva.dat
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysWow64\atiapfxx.blb
[2012.12.08 17:45:52 | 000,245,896 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.12.08 17:45:50 | 000,003,917 | ---- | C] () -- C:\windows\SysNative\atipblag.dat
[2012.12.07 20:49:59 | 000,000,982 | ---- | C] () -- C:\Users\Steff\Documents\SEP11log.csv
[2012.12.06 19:16:09 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.05 23:07:12 | 000,001,383 | ---- | C] () -- C:\Users\Steff\Desktop\procexp.exe - Verknüpfung.lnk
[2012.12.05 22:48:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.12.05 21:58:30 | 000,001,590 | ---- | C] () -- C:\Users\Steff\Desktop\MWconn.exe - Verknüpfung.lnk
[2012.12.05 17:32:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.12.04 22:50:28 | 000,129,062 | ---- | C] () -- C:\Users\Steff\Documents\cc_20121204_225020.reg
[2012.12.04 22:23:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.08 13:19:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.09.08 13:19:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.09.08 13:19:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.09.08 13:19:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.09.08 13:19:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.09.08 12:51:20 | 000,129,024 | ---- | C] () -- C:\windows\RegBootClean64.exe
[2012.07.11 20:53:55 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2011.11.06 23:51:14 | 000,233,960 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.07.19 20:16:50 | 001,817,500 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010.02.07 22:21:11 | 000,002,528 | ---- | C] () -- C:\Users\Steff\AppData\Roaming\$_hpcst$.hpc
[2009.12.24 00:12:02 | 000,007,640 | ---- | C] () -- C:\Users\Steff\AppData\Local\resmon.resmoncfg

< End of report >
         

Extras.txt:

Code:
OTL Extras logfile created on: 19.12.2012 08:21:44 - Run 4
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Steff\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,18 Gb Available Physical Memory | 79,48% Memory free
12,00 Gb Paging File | 10,92 Gb Available in Paging File | 90,97% Paging File free
Paging file location(s): c:\pagefile.sys 4096 6142f:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 8,43 Gb Free Space | 17,26% Space Free | Partition Type: NTFS
Drive F: | 416,93 Gb Total Space | 364,48 Gb Free Space | 87,42% Space Free | Partition Type: NTFS
 
Computer Name: STEFF-MA | User Name: Steff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Programme\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "F:\Programme\Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2011 Free
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PokerStars.eu" = PokerStars.eu
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-429285335-830603302-2756050950-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.02.2012 02:13:50 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 24.02.2012 12:52:01 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 26.02.2012 14:47:02 | Computer Name = Steff-MA | Source = Windows Backup | ID = 4103
Description = 
 
Error - 29.02.2012 14:18:56 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 01.03.2012 12:12:38 | Computer Name = Steff-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d9c    Startzeit: 
01ccf7c5f11941a0    Endzeit: 59    Anwendungspfad: F:\Programme\Firefox\firefox.exe    Berichts-ID:
 55db3351-63b9-11e1-9d46-92e9f08d5159  
 
Error - 01.03.2012 15:07:00 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 04.03.2012 18:43:29 | Computer Name = Steff-MA | Source = Windows Backup | ID = 4103
Description = 
 
Error - 04.03.2012 18:44:34 | Computer Name = Steff-MA | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 07.03.2012 02:36:33 | Computer Name = Steff-MA | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 10.0.2.4428 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b10    Startzeit: 
01ccfc2becd87dd0    Endzeit: 70    Anwendungspfad: F:\Programme\Firefox\firefox.exe    Berichts-ID:
 dcd10411-681f-11e1-a445-fddd4e01c7b5  
 
Error - 11.03.2012 14:00:00 | Computer Name = Steff-MA | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 17.12.2012 14:40:11 | Computer Name = Steff-MA | Source = bowser | ID = 8003
Description = 
 
Error - 17.12.2012 14:41:50 | Computer Name = Steff-MA | Source = BROWSER | ID = 8032
Description = 
 
Error - 17.12.2012 16:32:54 | Computer Name = Steff-MA | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.25  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 17.12.2012 16:38:07 | Computer Name = Steff-MA | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.178.25  registriert werden. Der Computer mit IP-Adresse 192.168.178.23
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 18.12.2012 05:46:40 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Uim_IM
 
Error - 18.12.2012 05:56:56 | Computer Name = Steff-MA | Source = BROWSER | ID = 8032
Description = 
 
Error - 18.12.2012 06:20:26 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 18.12.2012 06:25:28 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Uim_IM
 
Error - 19.12.2012 03:02:40 | Computer Name = Steff-MA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Uim_IM
 
Error - 19.12.2012 03:17:42 | Computer Name = Steff-MA | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         

19.12.2012, 22:54   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
Version 3.2.61.2
         
I've only just noticed this...
Why have you been using this old OTL version the whole time?

Code:
ATTFilter
64bit- Professional
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AFCBE3F-3B09-4821-B4F2-A836B5AA94D6}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16198326-0FD7-4A59-B16B-F149523E1987}: DhcpNameServer = 195.186.152.32 195.186.216.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EB56CAC-07B9-4D71-8AA4-1023EB2F9288}: DhcpNameServer = 192.168.178.1
         
Is this by any chance an office/company PC? Or a university computer?
__________________
Please always post log files in CODE tags

20.12.2012, 00:32   #29
schuka

No idea why that is an old version. I downloaded it from the link that you provide on your site. I'll have to leave question 2 unanswered.

20.12.2012, 15:23   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I downloaded it from the link that you provide on your site
If so, that was ages ago

Quote:
I'll have to leave question 2 unanswered.
Why?
__________________
Please always post log files in CODE tags
