
Log Analysis and Evaluation: WinVista: GVU Trojan, version 2.10, safe mode was not possible, log files already created


23.12.2012, 11:46   #16
ryder
/// TB Trainer
 
Yes, great.

Good, then we continue as follows:

Scan with MBAR

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the on-screen instructions and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file (mbar-log-<year-month-day>.txt) in the created folder. Please post it here.

Do not start any other file in this folder without instruction from a helper
__________________
Digital privateers against malware!
No help via PM!

23.12.2012, 12:05   #17
Mufus
 
I also ran the update so that it finds the latest critters.


system-log


Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.330000 GHz
Memory total: 2145107968, free: 1324388352

------------ Kernel report ------------
     12/23/2012 11:52:14
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sphb.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw4v32.sys
\SystemRoot\system32\DRIVERS\b57nd60x.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\ElbyCDFL.sys
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\ad19cy62.SYS
\SystemRoot\system32\DRIVERS\avmaura.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\dne2000.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\VSTAZL3.SYS
\SystemRoot\system32\DRIVERS\VSTDPV3.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccid.sys
\SystemRoot\system32\DRIVERS\SMCLIB.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\ComboFix\catchme.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85892540
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85670528
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.23.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85892540, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff858b1d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85892540, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff856b9918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85670528, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffb84bd2d0, 0xffffffff85892540, 0xffffffff84dc5608
Lower DeviceData: 0xffffffff9dce76c8, 0xffffffff85670528, 0xffffffff851a1b80
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 90000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 192717

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 194560  Numsec = 386330624
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 386525184  Numsec = 4194304

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} --> [Trojan.Banker]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{055FD26D-3A88-4e15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: HKCU\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
         


23.12.2012, 12:07   #18
ryder
/// TB Trainer
 
You posted the "only when requested" one. I would still like the other one.

23.12.2012, 12:13   #19
Mufus
 
Oh, sorry, I completely overlooked that one in the folder. Apologies.

Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.23.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dell :: DELL-XPS [administrator]

23.12.2012 12:02:13
mbar-log-2012-12-23 (12-02-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29663
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

23.12.2012, 12:14   #20
ryder
/// TB Trainer
 
Good, then please run MBAR once more. Post the new log file; this time it should be clean.


23.12.2012, 12:28   #21
Mufus
 
All clean.

Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.23.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dell :: DELL-XPS [administrator]

23.12.2012 12:26:22
mbar-log-2012-12-23 (12-26-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29661
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
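The two mbar-log files posted above (nine registry keys flagged "Delete on reboot", then a re-scan reporting zero in every section) are what a helper compares by eye; the parser below does that comparison and also cross-checks the keys against the "Infected:" lines of the MBAR system-log. It is an added example, not code from the thread or from Malwarebytes, and its embedded logs are constructed excerpts modelled on the ones above, trimmed to two of the nine keys.

```python
"""Parse Malwarebytes Anti-Rootkit (MBAR) logs and verify the re-scan after CleanUp is
clean. Added example, not part of the thread or of MBAR; sample logs are constructed."""
import re
from dataclasses import dataclass, field

# "Registry Keys Detected: 9" style section headers in mbar-log-*.txt
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "HKLM\...\{GUID} (Trojan.BHO) -> Delete on reboot." detection lines
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# "Infected: HKLM\... --> [Trojan.BHO]" lines from MBAR's system-log
INFECTED_RE = re.compile(r"^Infected: (?P<path>.+?) --> \[(?P<threat>[^\]]+)\]$")


@dataclass
class MbarReport:
    database: str = ""
    sections: dict = field(default_factory=dict)  # section name -> declared count
    items: dict = field(default_factory=dict)     # section name -> [(path, threat, action)]


def parse_mbar_log(text):
    """Parse an mbar-log-*.txt into declared counts and the listed detections."""
    report, current = MbarReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Database version:"):
            report.database = line.split(":", 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            report.sections[current] = int(m.group("count"))
            report.items[current] = []
            continue
        # Skip header lines, blanks, "(No malicious items detected)" and "(end)"
        if current is None or not line or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if m:
            report.items[current].append((m.group("path"), m.group("threat"), m.group("action")))
    return report


def infected_paths(system_log):
    """Paths flagged 'Infected:' in MBAR's system-log, upper-cased for comparison."""
    return {m.group("path").upper() for m in map(INFECTED_RE.match, system_log.splitlines()) if m}


def consistency_problems(report):
    """Declared per-section counts that disagree with the number of listed entries."""
    return [f"{name}: header says {count}, {len(report.items[name])} listed"
            for name, count in report.sections.items() if count != len(report.items[name])]


def is_clean(report):
    return bool(report.sections) and all(c == 0 for c in report.sections.values())


def unresolved_after_rescan(before, after):
    """Paths from the first scan that the re-scan still reports. Compared case-insensitively:
    MBAR itself writes the same CLSID as '4e15' on one line and '4E15' on the next."""
    def paths(r):
        return {p.upper() for items in r.items.values() for p, _, _ in items}
    return sorted(paths(before) & paths(after))


# Constructed excerpts modelled on the thread's logs (two of the nine keys kept)
DETECTION_LOG = r"""
Database version: v2012.12.23.02

Registry Keys Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)
"""
RESCAN_LOG = r"""
Database version: v2012.12.23.02

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""
SYSTEM_LOG = r"""
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} --> [Trojan.Banker]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
"""
```

A non-empty result from consistency_problems points to a truncated or hand-edited log, and a non-empty result from unresolved_after_rescan is the case where the helper would send the user back for another CleanUp pass.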

23.12.2012, 12:40   #22
ryder
/// TB Trainer
 
YAAAAAY

Then please run ComboFix one last time.

23.12.2012, 13:09   #23
Mufus
 
Code:
ComboFix 12-12-22.02 - Dell 23.12.2012  12:48:42.1.2 - x86
ausgeführt von:: c:\users\Dell\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-23 11:57 . 2012-12-23 11:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-23 10:52 . 2012-12-23 10:52	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-23 03:53 . 2012-12-23 03:53	--------	d-----w-	C:\_OTL
2012-12-23 00:29 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF113B60-8951-4495-8F15-275F3920D8B7}\mpengine.dll
2012-12-23 00:16 . 2012-12-23 00:16	--------	d-----w-	c:\program files\Common Files\Skype
2012-12-23 00:00 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
2012-12-22 23:58 . 2012-12-16 13:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 23:58 . 2012-12-16 10:50	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 23:57 . 2012-08-21 11:47	224640	----a-w-	c:\windows\system32\drivers\volsnap.sys
2012-12-22 23:56 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-12-22 23:56 . 2012-11-13 01:36	2048000	----a-w-	c:\windows\system32\win32k.sys
2012-12-22 23:56 . 2012-11-13 01:29	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-22 23:56 . 2012-11-02 10:18	376320	----a-w-	c:\windows\system32\dpnet.dll
2012-12-22 23:56 . 2012-11-02 08:26	23040	----a-w-	c:\windows\system32\dpnsvr.exe
2012-12-22 23:53 . 2012-03-01 11:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-12-17 22:17 . 2012-12-17 22:17	--------	d-----w-	c:\program files\CCleaner
2012-12-12 01:02 . 2012-12-12 01:02	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 01:02 . 2012-12-12 01:02	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-09 10:17 . 2012-12-09 10:48	--------	d-----w-	c:\users\Dell\AppData\Roaming\GARMIN
2012-12-09 10:12 . 2012-12-09 10:16	--------	d-----w-	C:\Garmin
2012-12-09 10:12 . 2007-03-08 22:18	8320	----a-w-	c:\windows\system32\drivers\grmnusb.sys
2012-12-09 10:12 . 2007-03-08 22:18	18432	----a-w-	c:\windows\system32\drivers\grmngen.sys
2012-12-08 16:42 . 2012-12-12 00:52	--------	d-----w-	c:\users\Dell\AppData\Roaming\UAs
2012-12-03 17:17 . 2012-12-03 17:54	--------	d-----w-	c:\users\Dell\AppData\Roaming\TeamViewer
2012-12-01 16:38 . 2012-12-03 17:16	--------	d-----w-	c:\program files\TeamViewer
2012-11-25 15:00 . 2012-12-23 10:32	--------	d-----w-	c:\program files\FireFox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 22:16 . 2012-11-10 16:36	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AVMUSBFernanschluss"="c:\users\Dell\AppData\Local\Apps\2.0\7KME2VJN.DEZ\5AOK0M5T.04C\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-02-17 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="c:\hilfsp~1\ICQ\ICQLite\ICQLite.exe" [2006-07-11 3144800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2012-7-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-11-17 05:58	3303000	----a-w-	c:\users\Dell\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-24 17:50	2516296	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\hilfsproggs\DAEMON Tools\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
2006-07-11 10:15	3144800	----a-w-	c:\hilfsproggs\ICQ\ICQLite\ICQLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2010-03-02 17:52	140640	----a-w-	c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 14:41	222128	----a-w-	c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01	319488	----a-w-	c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-30 07:12	13605408	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-01-30 07:12	96800	----a-w-	c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-30 07:12	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-01-30 07:12	735776	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-03 21:42	1354736	----a-w-	c:\spiele\Valve\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-03-25 16:34	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2006-04-29 13:21	94208	----a-w-	c:\hilfsproggs\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\6f4tikj2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-23 12:59
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1b,4c,44,d0,69,fc,9a,f5,c8,40,f1,db,a0,b5,5d,04,a6,9c,62,0d,93,df,c6,
   fe,73,7c,9c,e4,43,21,98,fe,a3,d8,80,1c,4f,e5,83,f9,23,30,b4,f1,f8,b6,54,56,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\Software\SecuROM\License information*]
"datasecu"=hex:18,5f,d1,d3,b3,6e,a5,11,07,72,79,84,da,83,fb,36,46,43,cf,3e,13,
   17,2a,3e,64,7a,21,cb,ad,62,e1,1c,af,1c,48,c1,b3,59,dd,6c,d3,b9,ad,00,31,e3,\
"rkeysecu"=hex:27,14,5d,c0,8d,38,37,a6,c5,13,56,73,1c,14,84,9f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-23  13:08:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-23 12:08
ComboFix2.txt  2012-12-23 10:39
ComboFix3.txt  2012-12-22 23:11
.
Vor Suchlauf: 21 Verzeichnis(se), 40.853.610.496 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 40.737.763.328 Bytes frei
.
- - End Of File - - 94A7EC82D05D47512E50546E077F3733
         

23.12.2012, 13:25   #24
ryder
/// TB Trainer
 
Hm, something is still bothering me ... can't tell you what ...

Scan mit Farbar's Recovery Scan Tool (FRST 32bit)

Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

23.12.2012, 13:39   #25
Mufus

Via the Boot Manager there is no Repair your computer option.

And I don't have a Windows CD at all. -.-

23.12.2012, 13:51   #26
ryder
/// TB-Ausbilder

Hm

With Dell that is sometimes missing ... yes.

Then we'll do the check this way instead:

Custom scan with OTL

If you don't already have it, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
  • Set the following:
    • Check "Scan all users" and "Include 64bit Scans"
    • Output: Minimal
    • Use SafeList in every field.
    • Check "Use Company Name Whitelist"
    • Files created and modified within: File Age
    • Check LOP Check and Purity Check
  • Now copy the contents of the code box into the text box.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES(X86)%\*.*
%appdata%\*. 
%appdata%\*.* 
%localappdata%\*. 
%localappdata%\*.*
%allusersprofile%\*. 
%allusersprofile%\*.*
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • Copy the contents of OTL.txt and Extra.txt here into your thread (preferably in CODE tags)
__________________
Digital privateers against malware!
No help via PM!
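
When the OTL output comes back, a helper reads it for a few signals first: drivers or services that are still registered but whose file is gone, binaries that carry no company name, and IE search scopes that point at a provider other than the stock one. The following Python triage script is an added example, not code from the thread or from OldTimer's OTL; it parses those OTL line shapes over a constructed sample modelled on the report format (the SID, the `DEFAULT_SCOPE_HOSTS` allowlist and the sample paths are assumptions).

```python
import re
from urllib.parse import urlparse

# Line shapes modelled on the OTL report format (PRC/SRV/DRV entries and IE SearchScopes).
ENTRY_RE = re.compile(r'^(?P<kind>PRC|SRV|DRV) - (?:\((?P<name>[^)]*)\) -- )?(?P<rest>.*)$')
PATH_VENDOR_RE = re.compile(r'^(?P<path>.*?) \((?P<vendor>[^()]*)\)$')
SCOPE_RE = re.compile(r'^IE - .*\\SearchScopes\\(?P<scope>\{[^}]*\}): "URL" = (?P<url>\S+)$')

# Assumption: Bing is the stock IE search provider on this Vista box; anything else gets a look.
DEFAULT_SCOPE_HOSTS = {"www.bing.com"}

# Constructed sample in OTL's own line format; the SID is a placeholder, not a real one.
SAMPLE_OTL = r"""
PRC - C:\Users\Dell\Desktop\OTL.exe (OldTimer Tools)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
DRV - (vpnva) -- system32\DRIVERS\vpnva.sys File not found
DRV - (aod8dykr) --  File not found
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
IE - HKU\S-1-5-21-EXAMPLE-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-EXAMPLE-1000\..\SearchScopes\{01_TL-YODL-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_yodl&q={searchTerms}&affid=1
"""


def parse_entry(line):
    """Return (kind, name, path, vendor, missing) for a PRC/SRV/DRV line, else None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, name, rest = m.group("kind"), m.group("name"), m.group("rest").strip()
    if rest.endswith("File not found"):
        # OTL prints the registered path (possibly empty) followed by "File not found".
        path = rest[: -len("File not found")].strip()
        return kind, name, path, None, True
    pv = PATH_VENDOR_RE.match(rest)
    if not pv:
        return kind, name, rest, None, False
    return kind, name, pv.group("path"), pv.group("vendor").strip(), False


def triage(log_text):
    """Bucket the lines of an OTL report into the things a helper checks first."""
    findings = {"missing": [], "no_vendor": [], "search_scopes": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry is not None:
            kind, name, path, vendor, missing = entry
            label = f"{kind} {name or path}"
            if missing:
                findings["missing"].append(label)  # still registered, file is gone
            elif not vendor:
                findings["no_vendor"].append(f"{label} -> {path}")  # "()" = no company name
            continue
        scope = SCOPE_RE.match(line)
        if scope:
            # OTL defangs URLs as hxxp://; restore the scheme so urlparse finds the host.
            host = urlparse(scope.group("url").replace("hxxp", "http", 1)).hostname or ""
            if host not in DEFAULT_SCOPE_HOSTS:
                findings["search_scopes"].append((scope.group("scope"), host))
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_OTL).items():
        print(bucket, *items, sep="\n  ")
```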

23.12.2012, 14:08   #27
Mufus

OTL
Code:
OTL logfile created on: 23.12.2012 13:57:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,28% Memory free
4,23 Gb Paging File | 3,59 Gb Available in Paging File | 84,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184,22 Gb Total Space | 37,89 Gb Free Space | 20,57% Space Free | Partition Type: NTFS
 
Computer Name: DELL-XPS | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Hilfsproggs\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Autodesk Licensing Service) -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (msvsmon90) -- C:\Hilfsproggs\MS Visual Studio 2008\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (nicconfigsvc) -- C:\Programme\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vpnva) -- system32\DRIVERS\vpnva.sys File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aod8dykr) --  File not found
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL2832UUSB) -- C:\Windows\System32\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\System32\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (OMCI) -- C:\Windows\System32\drivers\omci.sys (Dell Computer Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{01_TL-YODL-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_yodl&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{03_TL-TELEFONBUCH-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_telefonbuch&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{04_TL-AMAZON-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_amazon&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{05_TL-EBAY-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_ebay&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{06_TL-DISCOUNT24-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_discount24&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{07_TL-CONRAD-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_conrad&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{08_TL-OTTO-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_otto&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{09_TL-CLIPFISH-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_clipfish&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{10_TL-MYVIDEO-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_myvideo&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{11_TL-MUSICLOAD-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_musicload&q={searchTerms}&affid=1&uid=A52F0A54-BE6E-4B08-A20A-DC89D5270C59
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Hilfsproggs\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Hilfsproggs\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Hilfsproggs\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Hilfsproggs\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Hilfsproggs\browserrecord
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Dell\AppData\Roaming\17001.007
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\FireFox\components [2012.11.25 16:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\FireFox\plugins [2012.11.25 16:01:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Dell\AppData\Roaming\17001.007
 
[2008.08.26 11:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions
[2012.11.19 19:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\6f4tikj2.default\extensions
 
O1 HOSTS File: ([2012.12.23 12:59:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Hilfsproggs\TerraTec TV\THCDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [avgnt] C:\Hilfsproggs\Avira AntiVir 10\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-634343067-3124121181-2066602064-1000..\Run: [AVMUSBFernanschluss] c:\Users\Dell\AppData\Local\Apps\2.0\7KME2VJN.DEZ\5AOK0M5T.04C\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-634343067-3124121181-2066602064-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ICQ Lite] C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
O4 - HKU\S-1-5-18..\RunOnce: [ICQ Lite] C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Hilfsproggs\ICQ\ICQ6\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Hilfsproggs\ICQ\ICQ6\ICQ.exe File not found
O15 - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-634343067-3124121181-2066602064-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C630AF5-F19E-4602-A109-437E6ABCA994}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0DC37E92-1D6C-D92A-CD30-D40B52B0DBB6} - Microsoft Windows Media Player
ActiveX: {0FF90EEE-D0BA-F668-2A33-AFA561D823D7} - Browser Customizations
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {90472BF7-0009-2EFB-4537-8107A63C77A8} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B4786A9D-C47A-08FB-1D94-ABFA0AB33458} - .NET Framework
ActiveX: {B5EA532D-50F3-54D9-D1BD-E323214DBD2B} - Java (Sun)
ActiveX: {BF200919-1C54-26DC-53A3-FB75A5DE283A} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CBCCB6A7-103C-BCA8-CC12-A958F43D3B33} - Microsoft Windows Media Player
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FB8AECE1-2841-73D5-0FDD-73A91488B1E9} - Java (Sun)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: winmgmt - C:\Windows\System32\wbem\WinMgmt.exe (Microsoft Corporation)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe - (Macrovision Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Dell\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Hilfsproggs\DAEMON Tools\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: ICQ Lite - hkey= - key= - C:\Hilfsproggs\ICQ\ICQLite\ICQLite.exe (ICQ Ltd.)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: Monitor - hkey= - key= - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NVHotkey - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Spiele\Valve\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Hilfsproggs\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WinMgmt - C:\Windows\System32\wbem\WinMgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WinMgmt - C:\Windows\System32\wbem\WinMgmt.exe (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 13:54:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2012.12.23 13:08:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 12:59:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.23 11:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.23 11:51:19 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\mbar
[2012.12.23 04:53:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.23 01:48:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.23 01:48:50 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.23 01:48:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.23 01:48:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.23 01:48:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.23 01:48:49 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.23 01:48:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.23 01:48:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.23 01:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.23 01:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.12.23 01:06:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.12.23 01:00:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2012.12.23 00:59:54 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2012.12.23 00:59:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2012.12.23 00:59:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2012.12.23 00:59:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2012.12.23 00:59:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2012.12.23 00:59:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2012.12.23 00:59:52 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2012.12.23 00:59:52 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2012.12.23 00:59:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2012.12.23 00:59:51 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2012.12.23 00:59:44 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2012.12.23 00:59:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2012.12.23 00:59:44 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2012.12.23 00:59:44 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2012.12.23 00:59:44 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2012.12.23 00:56:45 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.12.23 00:56:42 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.23 00:56:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.23 00:56:37 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.23 00:56:37 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2012.12.22 23:54:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.22 23:54:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.22 23:54:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.22 23:54:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.22 23:53:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.22 23:47:41 | 005,012,898 | R--- | C] (Swearware) -- C:\Users\Dell\Desktop\ComboFix.exe
[2012.12.22 23:39:39 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\TFC.exe
[2012.12.17 23:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.09 11:17:39 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Mein Garmin
[2012.12.09 11:17:36 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\GARMIN
[2012.12.09 11:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012.12.09 11:12:35 | 000,018,432 | ---- | C] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmngen.sys
[2012.12.09 11:12:35 | 000,000,000 | ---D | C] -- C:\Garmin
[2012.12.08 17:42:07 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\UAs
[2012.12.03 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\TeamViewer
[2012.12.01 17:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012.12.01 17:36:00 | 005,835,512 | ---- | C] (TeamViewer GmbH) -- C:\Users\Dell\Desktop\TeamViewer_Setup_de.exe
[2012.11.25 16:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\FireFox
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.23 13:57:42 | 017,563,648 | ---- | M] () -- C:\Users\Dell\NTUSER.DAT
[2012.12.23 13:54:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2012.12.23 13:36:21 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 13:36:21 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 13:36:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.12.23 13:36:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.23 13:36:08 | 2145,873,920 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 13:34:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.23 13:34:23 | 000,524,288 | -HS- | M] () -- C:\Users\Dell\NTUSER.DAT{955b0035-1795-11e1-8397-001c23067766}.TMContainer00000000000000000001.regtrans-ms
[2012.12.23 13:34:23 | 000,065,536 | -HS- | M] () -- C:\Users\Dell\NTUSER.DAT{955b0035-1795-11e1-8397-001c23067766}.TM.blf
[2012.12.23 13:34:19 | 002,229,163 | -H-- | M] () -- C:\Users\Dell\AppData\Local\IconCache.db
[2012.12.23 12:59:32 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2012.12.23 12:59:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.23 11:19:08 | 005,012,898 | R--- | M] (Swearware) -- C:\Users\Dell\Desktop\ComboFix.exe
[2012.12.23 10:53:48 | 000,364,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.23 01:50:48 | 001,616,216 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.12.23 01:50:48 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.23 01:50:48 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.23 01:50:48 | 000,149,906 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.23 01:50:48 | 000,121,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.22 23:39:40 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\TFC.exe
[2012.12.22 23:39:29 | 000,000,016 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\blckdom.res
[2012.12.22 23:34:46 | 000,547,175 | ---- | M] () -- C:\Users\Dell\Desktop\adwcleaner.exe
[2012.12.21 17:32:53 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2012.12.19 15:43:46 | 000,210,516 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.16 12:53:43 | 000,000,140 | ---- | M] () -- C:\Windows\LODERUNN.INI
[2012.12.11 19:27:31 | 001,013,380 | ---- | M] () -- C:\Users\Dell\Desktop\Muf_für_Jules.pdf
[2012.12.04 20:55:45 | 000,098,752 | ---- | M] () -- C:\Users\Dell\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.12.03 20:31:26 | 000,173,568 | ---- | M] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.03 18:17:33 | 005,835,512 | ---- | M] (TeamViewer GmbH) -- C:\Users\Dell\Desktop\TeamViewer_Setup_de.exe
[2012.12.02 15:10:45 | 000,210,516 | ---- | M] () -- C:\ProgramData\nvModes.dat
 
========== Files Created - No Company Name ==========
 
[2012.12.23 00:59:46 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012.12.23 00:59:46 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012.12.23 00:59:46 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012.12.22 23:54:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.22 23:54:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.22 23:54:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.22 23:54:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.22 23:54:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.22 23:36:06 | 002,229,163 | -H-- | C] () -- C:\Users\Dell\AppData\Local\IconCache.db
[2012.12.22 23:34:45 | 000,547,175 | ---- | C] () -- C:\Users\Dell\Desktop\adwcleaner.exe
[2012.12.22 23:04:41 | 2145,873,920 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.11 19:27:30 | 001,013,380 | ---- | C] () -- C:\Users\Dell\Desktop\Muf_für_Jules.pdf
[2012.12.03 18:16:54 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012.11.10 16:21:40 | 000,000,016 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\blckdom.res
[2012.09.05 22:36:38 | 000,000,140 | ---- | C] () -- C:\Windows\LODERUNN.INI
[2011.11.25 21:00:57 | 000,524,288 | -HS- | C] () -- C:\Users\Dell\NTUSER.DAT{955b0035-1795-11e1-8397-001c23067766}.TMContainer00000000000000000002.regtrans-ms
[2011.11.25 21:00:57 | 000,524,288 | -HS- | C] () -- C:\Users\Dell\NTUSER.DAT{955b0035-1795-11e1-8397-001c23067766}.TMContainer00000000000000000001.regtrans-ms
[2011.11.25 21:00:57 | 000,065,536 | -HS- | C] () -- C:\Users\Dell\NTUSER.DAT{955b0035-1795-11e1-8397-001c23067766}.TM.blf
[2011.11.16 20:00:13 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.05.11 09:20:44 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.21 11:29:25 | 000,210,516 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.21 11:29:25 | 000,210,516 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.19 17:35:35 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.03.23 10:34:35 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007.12.24 22:50:36 | 000,173,568 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.11 21:42:32 | 000,106,780 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\nvModes.dat
[2007.11.11 21:42:32 | 000,106,780 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\nvModes.001
[2007.11.11 20:50:05 | 000,098,752 | ---- | C] () -- C:\Users\Dell\AppData\Local\GDIPFONTCACHEV1.DAT
[2007.11.11 20:49:46 | 000,001,356 | ---- | C] () -- C:\Users\Dell\AppData\Local\d3d9caps.dat
[2007.11.11 20:49:45 | 017,563,648 | ---- | C] () -- C:\Users\Dell\NTUSER.DAT
[2007.11.11 20:49:45 | 000,524,288 | -HS- | C] () -- C:\Users\Dell\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms
[2007.11.11 20:49:45 | 000,524,288 | -HS- | C] () -- C:\Users\Dell\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2007.11.11 20:49:45 | 000,065,536 | -HS- | C] () -- C:\Users\Dell\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2007.11.11 20:49:45 | 000,000,020 | -HS- | C] () -- C:\Users\Dell\ntuser.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.23 12:59:32 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.07.29 16:33:51 | 000,000,000 | ---D | M] -- C:\Arbeitsordner
[2009.05.27 20:53:12 | 000,000,000 | ---D | M] -- C:\Boot
[2012.12.23 10:34:38 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010.01.02 17:40:25 | 000,000,000 | ---D | M] -- C:\Dell
[2006.11.02 14:00:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.11.11 20:48:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.10.27 19:38:35 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.01.02 12:44:16 | 000,000,000 | ---D | M] -- C:\Drivers
[2012.06.25 14:57:47 | 000,000,000 | ---D | M] -- C:\Filme
[2011.12.06 00:50:56 | 000,000,000 | ---D | M] -- C:\Freigabeordner
[2012.12.09 11:16:55 | 000,000,000 | ---D | M] -- C:\Garmin
[2011.05.31 20:57:49 | 000,000,000 | ---D | M] -- C:\Handydateien
[2012.12.10 14:25:13 | 000,000,000 | ---D | M] -- C:\Hilfsproggs
[2010.01.02 12:44:16 | 000,000,000 | ---D | M] -- C:\MDT
[2010.01.02 12:44:16 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.01.02 12:44:16 | 000,000,000 | ---D | M] -- C:\Musik
[2012.12.22 23:35:21 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.23 11:52:14 | 000,000,000 | ---D | M] -- C:\ProgramData
[2007.11.11 20:48:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.23 13:08:15 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.12.19 16:43:29 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.12.23 12:03:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.02.07 19:44:20 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.23 13:08:12 | 000,000,000 | ---D | M] -- C:\Windows
[2012.12.23 04:53:16 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %SYSTEMDRIVE%\*.* >
[2012.12.22 23:35:26 | 000,007,145 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012.12.23 13:08:08 | 000,013,637 | ---- | M] () -- C:\ComboFix.txt
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012.12.22 20:29:58 | 000,039,646 | ---- | M] () -- C:\Extras.Txt
[2012.12.23 13:36:08 | 2145,873,920 | -HS- | M] () -- C:\hiberfil.sys
[2008.04.29 17:06:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.04.29 17:06:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.12.22 20:29:52 | 000,074,036 | ---- | M] () -- C:\OTL.Txt
[2012.12.23 13:36:05 | 2459,680,768 | -HS- | M] () -- C:\pagefile.sys
 
< %PROGRAMFILES%\*.* >
[2008.06.29 18:08:48 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %appdata%\*.  >
[2012.07.15 13:17:14 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\.minecraft
[2012.11.10 16:21:45 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\16001.009
[2012.11.15 09:54:13 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\16001.010
[2012.11.17 14:48:20 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\16001.011
[2012.11.19 11:56:20 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\16001.012
[2012.11.21 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\16001.013
[2011.11.16 16:25:29 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Adobe
[2009.11.03 17:29:35 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Autodesk
[2011.11.20 13:57:24 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Avira
[2011.05.11 09:20:45 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Corel
[2009.06.20 14:46:37 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\DAEMON Tools
[2009.06.20 14:46:37 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\DAEMON Tools Lite
[2010.06.16 23:50:13 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\DivX
[2010.01.03 21:12:29 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Download Manager
[2012.12.09 11:48:32 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\GARMIN
[2008.03.24 23:27:38 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Google
[2009.04.02 11:51:43 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\ICQ
[2008.07.30 10:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\ICQLite
[2007.11.11 20:49:51 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Identities
[2011.05.17 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Keynote Systems
[2007.12.28 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Macromedia
[2009.03.05 18:39:53 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Media Player Classic
[2012.08.13 11:26:35 | 000,000,000 | --SD | M] -- C:\Users\Dell\AppData\Roaming\Microsoft
[2008.08.26 11:47:54 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Mozilla
[2012.05.23 15:26:22 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\OpenOffice.org
[2008.03.25 19:34:58 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Real
[2007.12.24 22:15:00 | 000,000,000 | RH-D | M] -- C:\Users\Dell\AppData\Roaming\SecuROM
[2012.12.23 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Skype
[2009.05.03 12:57:35 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\SlySoft
[2007.12.29 01:51:08 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Talkback
[2011.02.13 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\teamspeak2
[2012.12.03 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\TeamViewer
[2012.12.12 01:52:23 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\UAs
[2012.12.12 01:53:21 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\xmldm
[2012.08.08 20:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\XRay Engine
 
< %appdata%\*.*  >
[2012.12.22 23:39:29 | 000,000,016 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\blckdom.res
[2009.04.21 05:04:10 | 000,106,780 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\nvModes.001
[2009.04.21 05:04:10 | 000,106,780 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\nvModes.dat
 
< %localappdata%\*.  >
[2011.11.16 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Adobe
[2011.11.18 11:53:02 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Akamai
[2007.11.11 20:49:45 | 000,000,000 | -HSD | M] -- C:\Users\Dell\AppData\Local\Anwendungsdaten
[2008.05.14 18:27:53 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Apple
[2008.05.14 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Apple Computer
[2009.10.27 22:12:05 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Apps
[2009.10.31 18:26:29 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Autodesk
[2012.08.07 19:54:38 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\AVM_Berlin
[2012.12.23 13:01:14 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Deployment
[2008.11.06 12:27:29 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Downloaded Installations
[2008.12.09 12:27:02 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Electronic Arts
[2011.11.14 23:46:35 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Google
[2012.06.14 17:33:32 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Macromedia
[2009.07.04 17:14:46 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\MediaDirect
[2012.08.16 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Microsoft
[2008.09.23 12:06:16 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Microsoft Games
[2009.05.03 12:26:59 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Microsoft Help
[2007.12.29 01:50:39 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Mozilla
[2011.06.07 22:14:26 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\PackageAware
[2012.08.10 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Passbild_Generator
[2008.02.19 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Powercinema
[2009.08.23 19:24:34 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\PunkBuster
[2008.02.18 17:25:16 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Steam
[2012.12.23 13:54:23 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\Temp
[2007.11.11 20:49:45 | 000,000,000 | -HSD | M] -- C:\Users\Dell\AppData\Local\Temporary Internet Files
[2007.11.11 20:49:45 | 000,000,000 | -HSD | M] -- C:\Users\Dell\AppData\Local\Verlauf
[2008.03.26 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\VirtualStore
[2007.12.24 22:15:14 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Local\World in Conflict - DEMO
 
< %localappdata%\*.* >
[2011.03.24 19:34:54 | 000,001,356 | ---- | M] () -- C:\Users\Dell\AppData\Local\d3d9caps.dat
[2012.12.03 20:31:26 | 000,173,568 | ---- | M] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.04 20:55:45 | 000,098,752 | ---- | M] () -- C:\Users\Dell\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.12.23 13:34:19 | 002,229,163 | -H-- | M] () -- C:\Users\Dell\AppData\Local\IconCache.db
 
< %allusersprofile%\*.  >
[2012.12.12 02:02:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2007.11.11 20:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2008.05.14 18:27:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2008.05.14 18:28:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2006.11.02 14:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009.11.03 17:29:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2011.07.07 22:34:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2011.10.26 20:10:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Canon IJ Network Tool
[2011.05.13 06:37:29 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011.10.26 20:08:54 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJMSetup
[2011.06.07 22:57:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Corel
[2009.06.20 14:45:53 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2007.11.11 22:11:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2006.11.02 14:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2010.08.27 20:59:04 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX
[2006.11.02 14:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2007.11.11 20:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2007.11.11 20:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 14:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009.10.30 16:33:31 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2010.01.31 22:57:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2011.01.24 18:57:48 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallShield
[2012.10.09 10:25:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2008.02.11 17:39:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Macrovision
[2012.12.23 11:52:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012.07.02 18:28:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Media Center Programs
[2010.07.29 11:45:30 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.12.23 01:35:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.05.05 11:44:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2010.01.08 10:38:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2010.01.31 22:49:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2011.04.24 19:20:27 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2009.10.21 18:46:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2008.03.12 20:42:31 | 000,000,000 | ---D | M] -- C:\ProgramData\pixelStorm
[2011.04.07 13:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010.01.04 15:24:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PreEmptive Solutions
[2008.01.30 22:12:24 | 000,000,000 | ---D | M] -- C:\ProgramData\QuickTime
[2012.12.23 01:16:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2006.11.02 14:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2007.11.11 20:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.03.30 22:49:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2012.09.19 12:57:03 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006.11.02 14:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008.11.18 21:14:33 | 000,000,000 | ---D | M] -- C:\ProgramData\TerraTec
[2007.11.11 20:48:05 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008.12.01 12:56:15 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008.03.26 20:26:59 | 000,000,000 | ---D | M] -- C:\ProgramData\WLInstaller
[2011.11.25 20:37:02 | 000,000,000 | ---D | M] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
 
< %allusersprofile%\*.* >
[2011.12.27 22:51:46 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.06.07 22:53:51 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2008.09.10 19:29:44 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.12.19 15:43:46 | 000,210,516 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.02 15:10:45 | 000,210,516 | ---- | M] () -- C:\ProgramData\nvModes.dat
 
<           >
[2006.11.02 14:00:25 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:00:25 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 23.12.2012 13:57:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,28% Memory free
4,23 Gb Paging File | 3,59 Gb Available in Paging File | 84,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184,22 Gb Total Space | 37,89 Gb Free Space | 20,57% Space Free | Partition Type: NTFS
 
Computer Name: DELL-XPS | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\FireFox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DAD4C6E-DFFC-4374-A3CE-53775FEE544D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2DCF0B81-CAFB-4932-9E24-63C948071D4D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2EE12DF0-CE10-47CA-9A76-3C519F317D65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{301D9606-01E3-47B1-BFED-23935509D8D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{33069354-C2C6-413F-AF93-05A11563334A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3759E0E9-5126-42AA-BC92-AB48B2E970C0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{379F123C-877F-41AA-B5C2-91AE5F6D447C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{425569D7-345F-4AD2-85EB-4B9737546ED3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4601861E-F6A0-4F71-B03F-73485F8FB815}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5031C151-5932-4557-91B5-D78C86E3EB9E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{52903CC4-AC34-4380-8649-489F3C1FEF9B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5C4B0DE3-5803-4912-BE82-7E4D7222BF88}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface | 
"{5D8C7D4A-4CDC-4C4F-8517-5DCD10047E92}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6FAB333E-9014-4B78-8837-C01E2F717FE0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{746E3FE5-73CF-4763-AD34-1E442CEBE840}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7BF2F3F4-32A2-40A0-A879-6857F50DE5EB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9962AEB5-839A-4CD5-87EF-3385DF8C0D2F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9C310039-A358-4FF5-B273-B1372F28F5D2}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{A3074FC7-CB93-4C36-8A6F-A44CA5EBB938}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C4D47528-68EF-48E3-99FD-F6903868AAE8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CFF3D49D-6391-46C2-8E45-72DED395737D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DB0108AB-FC33-4E5D-AD82-0638D9607937}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{EB44E1AA-911C-4F71-8E9B-F2BDA156754F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FAF9FC4D-2111-4292-A20F-6C11EE96A40D}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A260383-5E29-4068-9A37-F61E3901FD99}" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\0shieldman0\counter-strike\hl.exe | 
"{0D07929F-596B-4794-96EB-62559259C7D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{168F42CB-515C-4494-94FF-FA2C9FFE1ADF}" = protocol=6 | dir=in | app=c:\users\dell\appdata\local\apps\2.0\7kme2vjn.dez\5aok0m5t.04c\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{1AD9B8F3-C494-4872-96D1-80D1475AE5B4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{1B6E0DC5-A47E-41FB-86F4-507648FF9032}" = dir=in | app=c:\hilfsproggs\skype\phone\skype.exe | 
"{1DF70E57-5F6F-4699-A181-16D7DC707C0C}" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\0shieldman0\counter-strike source\hl2.exe | 
"{1E75CAAB-0446-4726-8311-C5E84BDCD062}" = protocol=6 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvrupdate\cinergydvrup_date.exe | 
"{249FC66D-1BE5-4050-96FB-3CCC6E02EEE9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2613D073-7945-4D55-8657-4DE7494299D1}" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\0shieldman0\counter-strike\hl.exe | 
"{26C8435D-0E87-46B4-943B-6049A3AF7BA4}" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{28D31D0C-C217-42D6-A421-155C7EA2CA4B}" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{2A6F6022-D218-4A14-8DE9-A8E6E48525EF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{30F83FB2-AF36-4271-8AA0-BEB7427562FA}" = protocol=6 | dir=in | app=c:\users\dell\appdata\local\apps\2.0\7kme2vjn.dez\5aok0m5t.04c\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{4101EA0D-A587-4A68-83A2-A44DEF392ED2}" = protocol=17 | dir=in | app=c:\spiele\valve\steam.exe | 
"{42CF8E24-91FD-4359-85E9-3FBF3566DCB5}" = protocol=17 | dir=in | app=c:\users\dell\appdata\local\akamai\netsession_win.exe | 
"{4ABEA8C3-8670-42BC-AC9F-15568EAA156D}" = protocol=17 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvr.exe | 
"{5A675923-28A5-4468-900D-DE61491D681C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{5AD4931A-0E6E-4E25-BD20-2314F2D44FB9}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{62ABB845-097F-4CDA-8457-2AE5B09607E3}" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\0shieldman0\counter-strike source\hl2.exe | 
"{6499B43C-9CF4-499B-AA47-7973E1D3D2B1}" = protocol=17 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvrupdate\cinergydvrup_date.exe | 
"{68FB75BA-8D87-4F39-AC9E-617CB5327D99}" = protocol=17 | dir=in | app=c:\users\dell\appdata\local\apps\2.0\7kme2vjn.dez\5aok0m5t.04c\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{69E8731B-9E7A-426D-B6DC-712D10BD5975}" = protocol=6 | dir=in | app=c:\users\dell\appdata\local\akamai\netsession_win.exe | 
"{6FEFD61E-9299-4DCA-AE3D-9A95B9AD7B10}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{7BD2EF2C-AB5E-4B04-885E-8CAFD91BC6B8}" = protocol=17 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvrhelper.exe | 
"{7BF1E94D-195C-4B33-965D-1F48070620CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7C92840E-B84A-45BD-B01B-0F61C0B5E2B1}" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\common\alien swarm\srcds.exe | 
"{7DC3179E-DC46-4CF5-BEAC-56C655ED396D}" = protocol=6 | dir=in | app=c:\hilfsproggs\terratec tv\tvtvsetup\tvtv_wizard.exe | 
"{7E9FBB87-36EF-498F-99EE-08E265EF61CD}" = protocol=6 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvrupdate\cinergydvrup_date.exe | 
"{86DE42E4-8B33-4151-9FD8-96AE7DBF22C1}" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\common\alien swarm\srcds.exe | 
"{887D0941-D790-49DB-91FF-CC56FD4C1981}" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\0shieldman0\counter-strike\hl.exe | 
"{88A2CBDA-E01C-4EF4-9249-5C7DDF5CC0FF}" = protocol=17 | dir=in | app=c:\users\dell\appdata\local\temp\{ec9f3fe6-b123-4ad9-98ef-ab2aa6455dad}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{90453602-86A2-45B1-A5B7-4F080D52E511}" = protocol=6 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvrhelper.exe | 
"{94077712-76B4-47C2-A8E8-F52FFCC2EFEB}" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{9A58A704-3DE4-469D-BB19-8AF2DB36D7CA}" = protocol=17 | dir=in | app=c:\hilfsproggs\terratec tv\tvtvsetup\tvtv_wizard.exe | 
"{A2120EE2-B814-4696-8D92-70F0F6800168}" = protocol=6 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvr.exe | 
"{A348380D-0E8D-4209-BCE0-A0138B5A8279}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{A5D3F994-F54D-4BAA-8EF1-EF5AD7B70418}" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\0shieldman0\counter-strike source\hl2.exe | 
"{AAB43005-E1D1-4A7D-91F9-C1518D1D0B21}" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\common\alien swarm\srcds.exe | 
"{ABF2B6CD-080E-48ED-8868-F66F181E9C0E}" = protocol=6 | dir=in | app=c:\spiele\valve\steam.exe | 
"{AF040E25-4A04-4982-872D-19CF4F07EC33}" = protocol=17 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvrupdate\cinergydvrup_date.exe | 
"{B040A50F-8F38-41FA-8D29-0B6CCCB67B1B}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{B7079761-CF2D-4A51-9262-BF9B885E6EB2}" = protocol=17 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvr.exe | 
"{BAC03D35-0CC2-41FE-A19C-78F06F4052B0}" = protocol=6 | dir=in | app=c:\users\dell\appdata\local\temp\{ec9f3fe6-b123-4ad9-98ef-ab2aa6455dad}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{BAECFAEC-A7D1-41DD-83D3-BC1F0C7F3343}" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\common\alien swarm\swarm.exe | 
"{C512826B-DEE7-4056-84C6-F1C784F149B5}" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\common\alien swarm\srcds.exe | 
"{C81FC0F0-80BF-4F88-8D7B-5FDEAF78281E}" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{CD62CAF9-7D72-4723-95E3-87AD383E7CED}" = protocol=6 | dir=in | app=c:\hilfsproggs\terratec tv\cinergydvr.exe | 
"{D24E487F-BA05-4BD9-B0DE-052A9F9D2F6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DF016747-AF0A-4F29-828E-EC7C23EB5FAC}" = protocol=17 | dir=in | app=c:\users\dell\appdata\local\apps\2.0\7kme2vjn.dez\5aok0m5t.04c\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe | 
"{E36C481A-2437-4377-80F2-B57978914481}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{E7D2C7D9-E278-431C-B397-A39A7C0DBEC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EB31E538-07C1-4E96-BBBE-804B42C289AC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{ED9EAEB7-703B-4A01-A14E-D6EE83E3ECFC}" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\0shieldman0\counter-strike\hl.exe | 
"{F5FDAD88-E436-4EDC-B14A-693FF917D0F1}" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\0shieldman0\counter-strike source\hl2.exe | 
"{FA779B9F-7544-4C7B-A452-2EDEF099AE46}" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\common\alien swarm\swarm.exe | 
"TCP Query User{08B17BF8-DE15-4BAC-A9A0-079D4344A7EF}C:\spiele\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\spiele\gta2\gta2.exe | 
"TCP Query User{25BA86F1-9C06-48D4-89EE-1A7C5EBE6D01}C:\spiele\starcraft\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft\starcraft\starcraft.exe | 
"TCP Query User{3403A0E9-8659-42BD-A272-D1EFD43CC824}C:\spiele\aoe ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\aoe ii\age2_x1\age2_x1.exe | 
"TCP Query User{3D81507E-1765-4D6A-9A5E-4F8BF15DF3EC}C:\spiele\valve\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\common\left 4 dead 2 demo\left4dead2.exe | 
"TCP Query User{439CB509-ABBD-4CFA-BEBF-EC24F7CF017B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{4826FB92-34C4-4A8F-B465-B51663422C4E}C:\spiele\lf2_v1.9c\lf2.exe" = protocol=6 | dir=in | app=c:\spiele\lf2_v1.9c\lf2.exe | 
"TCP Query User{4B941881-D0EC-4747-A967-FC4AC6D9A347}C:\spiele\css\counter strike source\cs\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\css\counter strike source\cs\counter-strike source\hl2.exe | 
"TCP Query User{50FACA1C-2E8B-436F-8486-D0694FD474D2}C:\spiele\death space\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\spiele\death space\dead space\dead space.exe | 
"TCP Query User{5FA258CC-1407-41C4-A7E9-FF1CA8CE310A}C:\hilfsproggs\icq\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\hilfsproggs\icq\icqlite\icqlite.exe | 
"TCP Query User{60AFBA84-F0C7-4B2F-A39F-8FB1355BC868}C:\spiele\lf2_v1.9c\lf2.exe" = protocol=6 | dir=in | app=c:\spiele\lf2_v1.9c\lf2.exe | 
"TCP Query User{698B93AF-DD4B-457E-884D-DE851F1BEBF9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{70D4B266-C62F-4EF7-82BE-175682309E11}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe | 
"TCP Query User{7AF74945-A277-4C98-BA88-D299655AAC90}C:\spiele\death space\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\spiele\death space\dead space\dead space.exe | 
"TCP Query User{7BCA6D43-1421-4036-9EA2-76DA92AD2ACB}C:\spiele\aoe ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\spiele\aoe ii\age2_x1\age2_x1.exe | 
"TCP Query User{9337A1B2-5016-497E-86EF-A9E697EB47DC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{A66ED7A7-8B5C-48F1-AE42-9582A99F3FEF}C:\users\dell\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\dell\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{A6767083-6AA6-4D00-9290-112AA3EA66B1}C:\program files\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox\firefox.exe | 
"TCP Query User{A7790DCC-4FF3-4E9A-AAAA-E7E263DAEB65}C:\spiele\css\counter strike source\cs\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\css\counter strike source\cs\counter-strike source\hl2.exe | 
"TCP Query User{ACC29E0E-FB3F-46B4-B9BC-5888A90805ED}C:\spiele\valve\steamapps\common\alien swarm\swarm.exe" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\common\alien swarm\swarm.exe | 
"TCP Query User{B52CF579-503E-4963-8F90-6EF8F0DD9462}C:\program files\firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\firefox\plugin-container.exe | 
"TCP Query User{BCE6CD99-BEB7-4042-9628-727DBFD562FB}C:\hilfsproggs\icq\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\hilfsproggs\icq\icqlite\icqlite.exe | 
"TCP Query User{CCE794FA-EF89-4FF0-A96F-64E8375E7200}C:\spiele\valve\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\common\left 4 dead 2 demo\left4dead2.exe | 
"TCP Query User{D1CD6021-6BCE-4616-AE2D-20A08D1CD5DE}C:\spiele\valve\steamapps\tepes88\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\spiele\valve\steamapps\tepes88\counter-strike\hl.exe | 
"TCP Query User{E89258A4-23DD-4E60-AC91-A2D0E45A6C1C}C:\spiele\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\spiele\gta2\gta2.exe | 
"TCP Query User{EC935DD3-1CC0-4408-AAB9-BBBA862D2BA2}C:\spiele\starcraft\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft\starcraft\starcraft.exe | 
"TCP Query User{F642C919-54AA-4137-A686-A3841C637B39}C:\spiele\dod\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\dod\hl2.exe | 
"UDP Query User{1A40305D-2C96-4088-A297-F715C6A4C3DB}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe | 
"UDP Query User{1AFEE882-854B-475F-96AB-D3AC4046F238}C:\spiele\valve\steamapps\tepes88\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\tepes88\counter-strike\hl.exe | 
"UDP Query User{1C588EB2-A61D-4986-8DB0-9930566D5087}C:\spiele\death space\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\spiele\death space\dead space\dead space.exe | 
"UDP Query User{1C60E880-26B2-43EA-B861-57903BB95120}C:\spiele\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\spiele\gta2\gta2.exe | 
"UDP Query User{327ADA13-8267-4267-B5F3-A4AE58C9E4CB}C:\program files\firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\firefox\plugin-container.exe | 
"UDP Query User{3399E391-4884-4559-BF8B-3E5D4CF774BD}C:\spiele\css\counter strike source\cs\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\css\counter strike source\cs\counter-strike source\hl2.exe | 
"UDP Query User{4866714E-26D6-445C-B91C-22ABEC9D5719}C:\spiele\css\counter strike source\cs\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\css\counter strike source\cs\counter-strike source\hl2.exe | 
"UDP Query User{4B850C9A-CA78-4F81-946A-80C3116820AB}C:\spiele\aoe ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\aoe ii\age2_x1\age2_x1.exe | 
"UDP Query User{63256AB8-6C7D-4D36-A9E4-D437F195773F}C:\spiele\valve\steamapps\common\alien swarm\swarm.exe" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\common\alien swarm\swarm.exe | 
"UDP Query User{7673C544-7188-4B98-AD19-ECB8CB8ADB63}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{80176669-F634-4D91-B37B-F6E7FED3FBC2}C:\spiele\valve\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\common\left 4 dead 2 demo\left4dead2.exe | 
"UDP Query User{868FDE14-CA22-455E-B004-688DBC427873}C:\hilfsproggs\icq\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\hilfsproggs\icq\icqlite\icqlite.exe | 
"UDP Query User{8D6AF56A-73AF-4E20-9F35-2068B11AC0AE}C:\spiele\starcraft\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft\starcraft\starcraft.exe | 
"UDP Query User{9CAAF2F6-296F-49F2-BDE8-A23E9EF078DF}C:\spiele\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\spiele\gta2\gta2.exe | 
"UDP Query User{A6AE9B69-5006-46DF-BEE6-733E0C2544A9}C:\spiele\lf2_v1.9c\lf2.exe" = protocol=17 | dir=in | app=c:\spiele\lf2_v1.9c\lf2.exe | 
"UDP Query User{B73C693B-1C86-4BAE-899B-0CC2D1AC2961}C:\spiele\aoe ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\spiele\aoe ii\age2_x1\age2_x1.exe | 
"UDP Query User{C60B6036-F50C-47D4-8CA4-97CF8BE46C15}C:\users\dell\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\dell\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{C7B1A8A1-22CE-4F09-84FB-636BFB0733AD}C:\spiele\starcraft\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft\starcraft\starcraft.exe | 
"UDP Query User{D01A7D39-D33B-46FB-9DDC-6DD6FB4C58EF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{D4F6D48C-03CD-4D13-BB32-D9CB8848A3A9}C:\program files\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox\firefox.exe | 
"UDP Query User{D98CFCBC-447E-44E0-ABA9-530F21861203}C:\spiele\valve\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\spiele\valve\steamapps\common\left 4 dead 2 demo\left4dead2.exe | 
"UDP Query User{DAF626E7-CDE7-4F01-B23F-88703F41DB71}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{DECC5D88-F151-497B-9C94-1384327162DB}C:\spiele\dod\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\dod\hl2.exe | 
"UDP Query User{EC129A97-B64A-4F79-B3D4-4622940102FF}C:\spiele\death space\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\spiele\death space\dead space\dead space.exe | 
"UDP Query User{F38C1561-0AAE-4A5D-B94A-7936F1B564D2}C:\hilfsproggs\icq\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\hilfsproggs\icq\icqlite\icqlite.exe | 
"UDP Query User{FE4159CF-FB30-44E1-AB39-26BD84948843}C:\spiele\lf2_v1.9c\lf2.exe" = protocol=17 | dir=in | app=c:\spiele\lf2_v1.9c\lf2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4B6E1EA9-4704-4750-868A-AEB398168DA6}" = Microsoft Document Explorer 2005 Language Pack - DEU
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-7004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2009 - Deutsch
"{5783F2D7-8004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2010 - Deutsch
"{5783F2D7-8004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2010 Language Pack - Deutsch
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777C06F9-8462-4289-9026-0462906E177F}" = XPS LightFX SDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8D52E0F9-17A0-493B-8692-937381DDB62B}" = SimCity 2000
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{A6F6725C-12C3-42B5-9647-8668E1BEE2D2}" = Microsoft SQL Server 2005 Mobile [DEU] Developer Tools
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBE45D37-2D2E-426F-8EF6-5075CE4D382B}" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Akamai" = Akamai NetSession Interface Service
"ANNO1602" = Anno 1602
"AutoCAD Architecture 2009 - Deutsch" = AutoCAD Architecture 2009 - Deutsch
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Cossacks II" = Cossacks II
"Counter-Strike: Source" = Counter-Strike: Source
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Duke Nukem 3D HRP" = Duke Nukem 3D HRP V 4.0 (321)
"Earthworm Jim_is1" = Earthworm Jim
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ICQLite" = ICQ 5.1
"ICQ-Tools_is1" = mehr ICQ Statussymbole
"Icy Tower_is1" = Icy Tower v1.3
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Little Fighter 2" = Little Fighter 2 version 2.0a
"MC-Load Preinstaller" = MC-Load Preinstaller
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2005 Language Pack - DEU" = Microsoft Document Explorer 2005 Language Pack - DEU
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Language Pack - DEU" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Starcraft" = Starcraft
"Steam App 300" = Day of Defeat: Source
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinRAR archiver" = WinRAR Archivierer
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-634343067-3124121181-2066602064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2010 19:04:59 | Computer Name = Dell-XPS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
 0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
 0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0x9a8, 
Anwendungsstartzeit 01cb1484973279f8.
 
Error - 08.07.2010 12:14:43 | Computer Name = Dell-XPS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel
 0x4aa91411, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x49a1840f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000d4736,  Prozess-ID 0xa60, Anwendungsstartzeit
 01cb1eb809f9e960.
 
Error - 11.07.2010 09:23:40 | Computer Name = Dell-XPS | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.07.2010 09:23:43 | Computer Name = Dell-XPS | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.07.2010 09:23:43 | Computer Name = Dell-XPS | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.07.2010 19:22:05 | Computer Name = Dell-XPS | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.07.2010 06:29:15 | Computer Name = Dell-XPS | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.07.2010 06:29:15 | Computer Name = Dell-XPS | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.07.2010 07:06:09 | Computer Name = Dell-XPS | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.07.2010 07:06:09 | Computer Name = Dell-XPS | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 05.02.2010 07:39:07 | Computer Name = Dell-XPS | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1667
Invoked
 Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED 
 
Error - 05.02.2010 07:56:26 | Computer Name = Dell-XPS | Source = vpndownloader | ID = 67108866
Description = Function: CTcpListenTransport::initiateListening File: ..\Common\IPC\SocketTransport.cpp
Line:
 1812 Invoked Function: bind Return Code: 10013 (0x0000271D) Description: Der Zugriff
 auf einen Socket war aufgrund der Zugriffsrechte des Sockets unzulässig.   
 
Error - 05.02.2010 07:56:26 | Computer Name = Dell-XPS | Source = vpndownloader | ID = 67108866
Description = Function: CIpcDepot::initiateIpcListening File: ..\Common\IPC\IPCDepot.cpp
Line:
 382 Invoked Function: CTcpListenTransport::initiateListening Return Code: -31522784
 (0xFE1F0020) Description: SOCKETTRANSPORT_ERROR_BIND 
 
Error - 05.02.2010 07:56:26 | Computer Name = Dell-XPS | Source = vpndownloader | ID = 67108866
Description = Function: CDnldrIpc::CreateDownloaderDepot File: .\DnldrIpc.cpp Line:
 1285 Invoked Function: CIpcDepot::initiateIpcListening Return Code: -31522784 (0xFE1F0020)
Description:
 SOCKETTRANSPORT_ERROR_BIND 
 
Error - 05.02.2010 07:56:26 | Computer Name = Dell-XPS | Source = vpndownloader | ID = 67108866
Description = Function: CDownloaderDlg::CDownloaderDlg File: .\DownloaderDlg.cpp Line:
 193 Invoked Function: CDnldrIpc Return Code: -31522784 (0xFE1F0020) Description: SOCKETTRANSPORT_ERROR_BIND

 
Error - 05.02.2010 07:56:26 | Computer Name = Dell-XPS | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::launchCachedDownloader File: .\ConnectMgr.cpp
Line:
 4958 Invoked Function: ConnectMgr :: launchCachedDownloader Return Code: 1 (0x00000001)
Description:
 Cached Downloader terminated abnormally 
 
Error - 05.02.2010 07:56:26 | Computer Name = Dell-XPS | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1667
Invoked
 Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED 
 
Error - 05.02.2010 07:57:10 | Computer Name = Dell-XPS | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 05.02.2010 07:57:10 | Computer Name = Dell-XPS | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 06.02.2010 23:27:49 | Computer Name = DELL-XPS | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
[ Media Center Events ]
Error - 18.04.2008 07:36:51 | Computer Name = Dell-XPS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 09.12.2011 08:05:36 | Computer Name = Dell-XPS | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 23.12.2012 05:47:07 | Computer Name = Dell-XPS | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 23.12.2012 05:47:07 | Computer Name = Dell-XPS | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 23.12.2012 05:47:07 | Computer Name = Dell-XPS | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 23.12.2012 05:47:07 | Computer Name = Dell-XPS | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 23.12.2012 05:47:07 | Computer Name = Dell-XPS | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 23.12.2012 05:47:07 | Computer Name = Dell-XPS | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 23.12.2012 05:47:07 | Computer Name = Dell-XPS | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 23.12.2012 05:47:07 | Computer Name = Dell-XPS | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 23.12.2012 05:47:07 | Computer Name = Dell-XPS | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 23.12.2012 05:57:38 | Computer Name = Dell-XPS | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
 
< End of report >
         

Old 23.12.2012, 14:18   #28
ryder
/// TB-Ausbilder
 
WinVista: GVU Trojan, version 2.10, safe mode was not possible, log files already created



Oh man, there's a lot of junk on there; no real wonder then.

But it looks pretty OK.

Then onward:


Step 1:
Quick scan with Malwarebytes

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • Once the update has finished, select Perform quick scan and click Scan.
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can find the report afterwards under "Logs".

Step 2:
ESET Online Scanner

Quote:
Important:
Please switch on any external hard drives during the online scans!
Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
  • Please click here --->
    • Firefox users: please download, install and run esetsmartinstaller_enu.exe.
    • IE users must allow an ActiveX element to be installed.
  • Tick the box Yes, I accept the Terms of Use and press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives" and untick Remove found threats.
  • press. The signatures are downloaded and the scan starts automatically; it can take a very long time (several hours)!
When the scan has finished
  • Click and then
  • Save the log file as ESET.txt on the desktop.
  • Click Back and Finish
Please post the ESET.txt here or let me know that nothing was found.
Step 3:
Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Digital privateers against malware!
No help via PM!

Old 23.12.2012, 14:41   #29
Mufus
 
WinVista: GVU Trojan, version 2.10, safe mode was not possible, log files already created



Step 1 - log (it found nothing):

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.23.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dell :: DELL-XPS [Administrator]

Schutz: Aktiviert

23.12.2012 14:32:03
mbam-log-2012-12-23 (14-32-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236152
Laufzeit: 4 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
3.5h, that's pretty crazy. ^^

6 found. But 5 of those are already in quarantine or known, right?

ESET log:
Code:
C:\Qoobox\Quarantine\C\Users\Dell\AppData\Roaming\appconf32.exe.vir	a variant of Win32/Kryptik.AQVS trojan
C:\Qoobox\Quarantine\C\Users\Dell\AppData\Roaming\BAcroIEHelpe228.dll.vir	a variant of Win32/Spy.Banker.YUN trojan
C:\Qoobox\Quarantine\C\Users\Dell\AppData\Roaming\BAcroIEHelpe235.dll.vir	a variant of Win32/Spy.Banker.YUN trojan
C:\Spiele\Valve\SteamApps\common\left 4 dead 2\config\html\f_000013	JS/Kryptik.CG trojan
C:\_OTL\MovedFiles\12222012_225316\C_Users\Dell\wgsdgsdgdsgsd.dll	Win32/Reveton.N trojan
C:\_OTL\MovedFiles\12222012_225316\C_Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk	Win32/Reveton.M trojan
         

Could it be that Avira has deactivated itself since our process?

SecurityCheck
Code:
 Results of screen317's Security Check version 0.99.56  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.65.1.1000  
 CCleaner     
 Java 7 Update 10  
 Java version out of Date! 
 Adobe Flash Player 	11.5.502.135  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

I'll be completely out of the house tomorrow, so don't be surprised if I unfortunately can't reply then.

Old 24.12.2012, 22:47   #30
ryder
/// TB-Ausbilder
 
WinVista: GVU Trojan, version 2.10, safe mode was not possible, log files already created



4 hours is nothing ... it can sometimes take 12

Quote:
C:\Spiele\Valve\SteamApps\common\left 4 dead 2\config\html\f_000013 JS/Kryptik.CG trojan
Please delete this file.

We need updates and a virus scanner.

Step 1:
Install Avast.

Download the scanner and install it following these instructions.

Step 2:
Update: Adobe Reader
  • Uninstall your old version of Adobe Reader (Control Panel > Programs > Uninstall).
  • Download the current version here: get.adobe.com/de/reader/
  • Untick this box while doing so:
- or -

Try an alternative viewer for PDF documents. These are usually leaner, faster and let malware in far less often. My suggestion:

Step 3:
Reading

Warning: registry cleaners
Quote:
Reading material:
Registry cleaners and temporary files
Your log files show that you use one of these programs. We don't recommend using such programs. The registry is a central component of the operating system. If a registry cleaner deletes the wrong lines, in the worst case this can leave your computer unbootable. A few orphaned registry entries aren't a big deal, and the faster boot is usually not noticeable. The risk that the program "destroys" your system is simply too high. So I strongly recommend that you uninstall the program.

CCleaner, for example, also offers a function to delete temporary files. If you keep your hands off the registry cleaning, there's nothing wrong with using CCleaner. I'd also like to recommend an alternative program for that: TFC - just run it as administrator and sit back.


Step 4:
Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Digital privateers against malware!
No help via PM!
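As an added example that is not part of the thread and not code from OTL, SecurityCheck or any vendor: a PowerShell script a defender could run on the cleaned machine to confirm what Windows Security Center actually reports for the antivirus (the SecurityCheck output said the Security Center service was not running and no WMI antivirus entry existed) and to list the versions of the programs SecurityCheck flagged as outdated, read from the same Uninstall keys OTL enumerated. The `productState` decoding and the `$watch` name patterns are assumptions.

```powershell
# Added example: not from the thread, OTL, SecurityCheck or any vendor.
# Get-WmiObject is used so the script also runs on PowerShell 2.0 (Vista era).

function Get-SecurityCenterStatus {
    $svc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning 'Security Center service (wscsvc) not found on this system'
        return
    }
    Write-Output ("Security Center service: {0}" -f $svc.Status)
    if ($svc.Status -ne 'Running') {
        Write-Warning 'Security Center is not running: the AV entries below may be stale or missing'
    }

    # root\SecurityCenter2 exists from Vista SP1 / Windows 7 on; XP used root\SecurityCenter
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
        -ErrorAction SilentlyContinue
    if (-not $products) {
        Write-Warning 'No AntiVirusProduct is registered with Security Center'
        return
    }
    foreach ($p in $products) {
        # productState is a packed value. The decoding below is the commonly
        # used convention, not documented by Microsoft (assumption):
        #   middle byte 0x10 or 0x11 = real-time protection on, 0x00 = off
        #   low byte    0x00 = signatures current, 0x10 = out of date
        $hex = '{0:X6}' -f [int]$p.productState
        $mid = $hex.Substring(2, 2)
        $rt  = if ($mid -eq '10' -or $mid -eq '11') { 'enabled' } else { 'DISABLED' }
        $sig = if ($hex.Substring(4, 2) -eq '00') { 'current' } else { 'OUT OF DATE' }
        Write-Output ("{0}: real-time protection {1}, signatures {2} (productState 0x{3})" -f `
            $p.displayName, $rt, $sig, $hex)
    }
}

function Get-InstalledPrograms {
    # The hives behind OTL's "HKEY_LOCAL_MACHINE Uninstall List" and
    # "HKEY_USERS Uninstall List" sections (Wow6432Node only exists on x64)
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

# Products SecurityCheck reported as out of date in this thread. The name
# patterns are an assumption; compare the versions shown against the
# vendors' current releases.
$watch = @('Java*', 'Adobe Reader*', 'Adobe Flash Player*')

Get-SecurityCenterStatus
Get-InstalledPrograms |
    Where-Object {
        $name = $_.DisplayName
        [bool]($watch | Where-Object { $name -like $_ })
    } |
    Sort-Object DisplayName |
    Format-Table DisplayName, DisplayVersion, Publisher -AutoSize
```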
