Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner wgsdgsdgdsdsd.dll h1n1

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.12.2012, 19:16   #1
arniek
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Hallo,
habe mir wohl auch leider den Virus, der hier schon häufig als "GVU-Trojaner" bezeichnet worden ist, eingefangen, Nach dem Start des Computers kam der bekannte Bildshcirm mit der Aufforderung einen bestimmten Betrag zu überweisen. Habe den PC dann einfach mit dem An-/Ausschalter neu gestartet. Läuft vom Grundsatz auch, aber das Virenprogramm (Antivir) macht Zicken und das Sichwerheitscenter von Windows 7 kann ich auch nicht öffnen/aktivieren. Habe zudem versucht, den PC per Wiederherstellungspunkt zurückzusetzen, ist aber auch misslungen. Beim Neustart bekomme ich zudem eine Meldung, dass das angegebene Modul wgsdgsdgdsgsd.dll nicht gefunden wurde.

Es wäre nett, wenn mir hier jemand aus der Patsche helfen könnte.
Vielen Dank
arniek

Alt 27.12.2012, 19:20   #2
t'john
/// Helfer-Team
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.



Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe


  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

__________________

__________________

Alt 27.12.2012, 21:25   #3
arniek
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



OK. Hier ist dewr Log von Malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.27.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Arne :: ARNE-PC [Administrator]

27.12.2012 19:39:19
mbam-log-2012-12-27 (21-12-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 417463
Laufzeit: 1 Stunde(n), 19 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\1504cc09b827d9ddaf53508828ea9e1cd33cf\MahjongEscapeAncientChina.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\1b19f3b01c9b4896f3d033d25f91dbd371ed53\Sparkle.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\204037809ccaa79498752b3250326df1472184f\AlabamaSmithFluchtAusPompeji.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\23f87717e226aaa8328aa4a1e1ffa6cb5fd2c851\DasVermaechtnisDesEinhorns.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\333e317d015dddf3c41781158d3976ea9b61\ZenGems.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\337fd595c0f8a89c39f7a9de60f896887354cef\Annabel.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\345a66328d6d431f8eef13dd1c2f1c8292c965\LauraJones.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\6351048f368ba5d7f2686105bfac571222ea9\BuildALot.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\ac459185b20e65bb4116c2739bd275bd769e5f7\PeggleDeluxe.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\d63663e9b684ba1d2817c13b4699ebdd6831a\AliceGreenfingers2.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\Users\Arne\AppData\Local\Thinstall\Cache\Stubs\de205a8da4532ac654f12ffc11444f5d8ca10f6\YoudaFarmer.exe (Trojan.Backdoor) -> Keine Aktion durchgeführt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)

Und hier das Ergebnis von OLT.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.12.2012 21:16:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arne\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,39% Memory free
6,50 Gb Paging File | 5,03 Gb Available in Paging File | 77,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 837,99 Gb Free Space | 92,05% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,16 Gb Free Space | 55,81% Space Free | Partition Type: NTFS
 
Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Arne\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3748.36959__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Winmgmt) -- C:\Users\Arne\wgsdgsdgdsgsd.dll File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (adiusbaw) -- system32\DRIVERS\adiusbaw.sys File not found
DRV - (adiusbae) -- system32\DRIVERS\adiusbae.sys File not found
DRV - (ADILOADER) -- System32\Drivers\adildr.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN [binary data]
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com/hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\SearchScopes\{2C821ED5-A5A5-4AA9-849B-CFDB3815BA8A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\SearchScopes\{FF11B7C6-119A-4B39-90FD-39D871A40618}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4B2B128A-ECA4-4887-87A7-55E9770DD596&apn_sauid=D0953A3E-673A-4925-85BA-5FFE12B7B74E
IE - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=4B2B128A-ECA4-4887-87A7-55E9770DD596&apn_ptnrs=&apn_sauid=D0953A3E-673A-4925-85BA-5FFE12B7B74E&apn_dtid=OSJ000&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.07 20:16:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.15 18:33:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.12.15 15:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Extensions
[2010.11.01 19:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.11 21:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\wtfjwvog.default\extensions
[2012.09.21 22:01:46 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Arne\AppData\Roaming\mozilla\Firefox\Profiles\wtfjwvog.default\extensions\toolbar@ask.com
[2012.11.18 10:33:04 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\extensions\toolbar@web.de.xpi
[2012.12.11 21:25:04 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.18 10:33:06 | 000,000,911 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\11-suche.xml
[2012.09.21 22:01:46 | 000,002,299 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\askcom.xml
[2012.11.18 10:33:06 | 000,002,273 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\englische-ergebnisse.xml
[2012.11.18 10:33:06 | 000,010,563 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\gmx-suche.xml
[2012.11.18 10:33:06 | 000,002,432 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\lastminute.xml
[2012.11.18 10:33:06 | 000,005,545 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\mozilla\firefox\profiles\wtfjwvog.default\searchplugins\webde-suche.xml
[2012.12.07 20:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.28 20:02:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.10.28 20:02:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2364746036-3938550401-4069990109-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [adiras] adiras.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D83F242-C9CA-469F-809D-E2294A1CA395}: NameServer = 89.246.64.8 62.220.18.8
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.27 19:36:38 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.12.27 19:36:38 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Malwarebytes
[2012.12.27 19:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.27 19:36:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.27 19:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.27 19:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.27 17:52:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.27 17:37:59 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Avira
[2012.12.27 17:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.27 17:32:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.12.27 17:32:25 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.27 17:32:25 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.12.27 17:32:25 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.12.27 17:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.27 17:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.12.26 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\ACD Systems
[2012.12.26 12:12:01 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\ACD Systems
[2012.12.26 12:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2012.12.26 12:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2012.12.26 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2012.12.26 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2012.12.26 12:07:43 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\Downloaded Installations
[2012.12.21 16:01:07 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.21 16:01:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.19 16:36:50 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\ImgBurn
[2012.12.15 23:11:38 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Orneon
[2012.12.15 18:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.12.13 16:29:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.13 16:29:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.13 16:29:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.13 16:29:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.13 16:29:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.13 16:29:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.13 16:29:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.13 16:29:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.13 10:45:44 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.13 10:45:27 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.13 10:45:27 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.13 10:45:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 10:45:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 10:45:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 10:45:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 10:45:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 10:45:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 10:45:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 10:45:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 10:45:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 10:45:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 10:45:09 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.13 10:45:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.11 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Das Schloss der Schatten
[2012.12.11 21:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Das Schloss der Schatten
[2012.12.11 21:22:05 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Das versteinerte Koenigshaus
[2012.12.11 21:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Echoes of the Past - Das versteinerte Koenigshaus
[2012.12.11 19:49:52 | 000,121,376 | ---- | C] (Martin Pesch) -- C:\Users\Arne\mp3DirectCut.exe
[2012.12.11 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\Arne\Languages
[2012.10.14 17:39:46 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Arne\AppData\Roaming\SetupGFD.exe
[2012.10.14 17:39:28 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Arne\AppData\Roaming\Imgburn.exe
[2012.10.14 17:39:20 | 005,082,084 | ---- | C] (The Public) -- C:\Users\Arne\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 20:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 19:37:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.12.27 19:36:21 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.27 17:32:36 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.27 17:30:20 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 17:30:20 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 17:23:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 17:23:08 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.27 11:20:29 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.26 22:54:47 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.26 22:54:47 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.26 22:54:47 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.26 22:54:47 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.26 22:39:37 | 000,002,865 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.26 12:16:48 | 000,003,584 | ---- | M] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.26 12:10:15 | 000,002,869 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 4.lnk
[2012.12.22 11:50:50 | 000,046,792 | ---- | M] () -- C:\Users\Arne\Desktop\111-Funny-PicDump-001-by-www.FunnyPica.com_.jpg
[2012.12.21 17:17:51 | 000,366,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.15 22:33:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012.12.12 11:39:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 11:39:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.11 21:24:20 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Echoes of the Past - Das Schloss der Schatten.lnk
[2012.12.11 21:22:27 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Echoes of the Past - Das versteinerte Koenigshaus.lnk
[2012.12.11 21:21:07 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2012.12.11 19:55:07 | 000,001,723 | ---- | M] () -- C:\Users\Arne\mp3DirectCut.ini
[2012.12.11 19:49:53 | 000,000,680 | ---- | M] () -- C:\Users\Arne\Desktop\mp3DirectCut.lnk
[2012.12.07 20:16:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.04 20:12:18 | 001,350,969 | ---- | M] () -- C:\Users\Arne\Desktop\Rollitanz 2.jpg
[2012.12.04 20:11:33 | 001,359,849 | ---- | M] () -- C:\Users\Arne\Desktop\Rollitanz 1.jpg
[2012.12.04 20:11:08 | 000,360,698 | ---- | M] () -- C:\Users\Arne\Desktop\KN Rollitanz.PDF
 
========== Files Created - No Company Name ==========
 
[2012.12.27 19:36:21 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.27 17:32:36 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.26 22:39:37 | 000,002,865 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.26 22:39:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.26 12:16:48 | 000,003,584 | ---- | C] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.26 12:10:15 | 000,002,869 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 4.lnk
[2012.12.22 11:50:49 | 000,046,792 | ---- | C] () -- C:\Users\Arne\Desktop\111-Funny-PicDump-001-by-www.FunnyPica.com_.jpg
[2012.12.11 21:24:20 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Echoes of the Past - Das Schloss der Schatten.lnk
[2012.12.11 21:22:27 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Echoes of the Past - Das versteinerte Koenigshaus.lnk
[2012.12.11 21:21:07 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2012.12.11 19:50:51 | 000,001,723 | ---- | C] () -- C:\Users\Arne\mp3DirectCut.ini
[2012.12.11 19:49:53 | 000,000,680 | ---- | C] () -- C:\Users\Arne\Desktop\mp3DirectCut.lnk
[2012.12.11 19:49:52 | 000,026,881 | ---- | C] () -- C:\Users\Arne\Manual.htm
[2012.12.11 19:49:52 | 000,015,099 | ---- | C] () -- C:\Users\Arne\FAQ.htm
[2012.12.04 20:12:36 | 001,350,969 | ---- | C] () -- C:\Users\Arne\Desktop\Rollitanz 2.jpg
[2012.12.04 20:11:55 | 001,359,849 | ---- | C] () -- C:\Users\Arne\Desktop\Rollitanz 1.jpg
[2012.12.04 20:11:23 | 000,360,698 | ---- | C] () -- C:\Users\Arne\Desktop\KN Rollitanz.PDF
[2012.10.14 17:40:31 | 000,034,936 | ---- | C] () -- C:\Windows\System32\uninstHelixYUV.exe
[2012.10.14 17:39:39 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Arne\AppData\Roaming\AvsP.exe
[2012.10.14 17:39:36 | 001,357,348 | ---- | C] () -- C:\Users\Arne\AppData\Roaming\MatroskaSplitter.exe
[2012.10.14 17:39:36 | 000,117,723 | ---- | C] () -- C:\Users\Arne\AppData\Roaming\yuvcodecs-1.3.exe
[2012.07.09 10:02:54 | 000,540,891 | ---- | C] () -- C:\Users\Arne\CIMG3295.JPG
[2012.07.09 10:02:54 | 000,533,267 | ---- | C] () -- C:\Users\Arne\CIMG3297.JPG
[2012.07.09 10:02:54 | 000,522,238 | ---- | C] () -- C:\Users\Arne\CIMG3296.JPG
[2012.07.09 10:02:53 | 000,537,984 | ---- | C] () -- C:\Users\Arne\CIMG3293.JPG
[2012.07.09 10:02:53 | 000,507,119 | ---- | C] () -- C:\Users\Arne\CIMG3287.JPG
[2012.07.09 10:02:53 | 000,223,300 | ---- | C] () -- C:\Users\Arne\CIMG3301.JPG
[2012.07.09 10:02:53 | 000,161,129 | ---- | C] () -- C:\Users\Arne\CIMG3306.JPG
[2012.07.09 10:02:53 | 000,160,173 | ---- | C] () -- C:\Users\Arne\CIMG3314.JPG
[2012.07.09 10:02:53 | 000,158,375 | ---- | C] () -- C:\Users\Arne\CIMG3313.JPG
[2012.07.09 10:02:53 | 000,153,107 | ---- | C] () -- C:\Users\Arne\CIMG3310.JPG
[2012.07.09 10:02:53 | 000,152,626 | ---- | C] () -- C:\Users\Arne\CIMG3309.JPG
[2012.07.09 10:02:53 | 000,150,311 | ---- | C] () -- C:\Users\Arne\CIMG3316.JPG
[2012.07.09 10:02:53 | 000,144,032 | ---- | C] () -- C:\Users\Arne\CIMG3315.JPG
[2012.07.09 10:02:53 | 000,139,236 | ---- | C] () -- C:\Users\Arne\CIMG3317.JPG
[2012.07.09 10:02:53 | 000,127,480 | ---- | C] () -- C:\Users\Arne\CIMG3318.JPG
[2012.07.09 10:02:53 | 000,119,594 | ---- | C] () -- C:\Users\Arne\CIMG3305.JPG
[2012.07.09 10:02:53 | 000,117,698 | ---- | C] () -- C:\Users\Arne\CIMG3319.JPG
[2012.07.09 10:02:53 | 000,117,250 | ---- | C] () -- C:\Users\Arne\CIMG3320.JPG
[2012.06.27 19:43:36 | 000,141,086 | R--- | C] () -- C:\Users\Arne\verbrauchsabrehcnung 2012.PDF
[2012.06.27 19:42:53 | 000,075,771 | R--- | C] () -- C:\Users\Arne\verbrauchsabrehcnung.PDF
[2012.06.27 19:42:24 | 000,005,420 | R--- | C] () -- C:\Users\Arne\preisanpassung strom12.PDF
[2012.06.27 19:42:00 | 000,067,873 | R--- | C] () -- C:\Users\Arne\preisanpassung strom.PDF
[2012.06.27 19:41:53 | 000,148,398 | R--- | C] () -- C:\Users\Arne\strom schwerin2.PDF
[2012.06.27 19:41:09 | 000,148,398 | R--- | C] () -- C:\Users\Arne\strom schwerin.PDF
[2012.06.27 19:14:42 | 000,009,418 | R--- | C] () -- C:\Users\Arne\FCL091708423058.pdf
[2012.06.27 19:12:35 | 000,026,911 | R--- | C] () -- C:\Users\Arne\RE_AM_028-7015312-6497146.pdf
[2012.06.27 19:10:17 | 000,027,331 | R--- | C] () -- C:\Users\Arne\RECHNUNG_219060_15062012.pdf
[2012.06.27 19:09:21 | 000,027,331 | R--- | C] () -- C:\Users\Arne\RECHNUNG_218265_11062012.pdf
[2012.03.13 19:54:09 | 000,186,066 | R--- | C] () -- C:\Users\Arne\06_Betriebsuebergang.pdf
[2012.03.07 09:06:04 | 031,513,047 | ---- | C] () -- C:\Users\Arne\Ahrensbök-alte Ansichten.pdf
[2011.12.27 18:18:41 | 000,001,288 | ---- | C] () -- C:\Users\Arne\PC Inspector File Recovery.lnk
[2011.09.20 19:29:03 | 000,170,838 | R--- | C] () -- C:\Users\Arne\Datenblatt_Speedy.PDF
[2011.09.06 22:05:08 | 000,373,701 | ---- | C] () -- C:\Users\Arne\Lovefilmkonto.PDF
[2011.09.02 16:01:47 | 007,254,714 | R--- | C] () -- C:\Users\Arne\Kooperationspartner CITTI.PDF
[2011.04.28 18:16:50 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.04.28 18:16:50 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.04.28 18:16:50 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.04.28 18:16:50 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.04.28 18:16:50 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.04.28 18:16:50 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.04.28 18:16:50 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.04.28 18:16:50 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.04.28 18:16:50 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.04.28 18:16:50 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.04.28 18:16:50 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.04.28 18:16:50 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.04.28 18:16:50 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.04.28 18:16:50 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.04.28 18:16:50 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.04.28 18:16:50 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.04.28 18:16:50 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.04.28 18:16:50 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.04.28 18:16:50 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.04.28 18:16:18 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw8b.bin
[2011.04.28 18:15:34 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V30V300DEFGIPSRUk.ini
[2011.01.05 14:18:11 | 001,803,975 | R--- | C] () -- C:\Users\Arne\11nimmt_Regel.pdf
[2010.12.14 12:10:07 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.01.09 17:05:20 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\2monkeys
[2012.04.09 10:26:47 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Absolutist
[2012.12.26 12:12:01 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ACD Systems
[2011.10.01 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Anabel
[2012.08.13 16:27:08 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Awem
[2011.09.26 14:58:10 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Azuaz Games
[2011.02.20 10:54:32 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\BloodTies
[2011.04.15 18:52:26 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Boomzap
[2010.12.16 13:20:41 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Canneverbe Limited
[2011.12.31 16:00:23 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\cerasus
[2012.01.30 12:33:35 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\cerasus.media
[2011.03.28 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ChessBase
[2012.11.04 23:17:58 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoft
[2012.11.04 23:17:57 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.23 12:41:14 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Enlightenus
[2011.05.16 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Epson
[2012.08.30 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\FlyWheelGames
[2010.11.01 20:17:31 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Foxit Software
[2011.02.14 19:28:55 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Friday's games
[2010.11.02 16:01:39 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Gaijin Ent
[2012.04.01 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\GameMill Entertainment
[2012.06.17 14:23:07 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Gestalt Games
[2012.09.09 15:17:59 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Gogii
[2012.01.08 16:27:56 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\GTM_Bodie
[2011.09.18 13:47:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\HdO Adventure
[2011.10.21 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\iMaxGen
[2012.12.19 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ImgBurn
[2012.09.17 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Magic3
[2010.10.30 12:36:55 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\MAGIX
[2011.12.23 10:56:09 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Meridian93
[2012.01.29 23:06:32 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\MumboJumbo
[2012.12.16 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Orneon
[2010.11.01 19:28:24 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Panda Security
[2011.06.12 19:50:43 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PC Suite
[2011.01.07 16:47:08 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\phonostar GmbH
[2011.05.28 12:59:47 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Pirateville
[2011.02.21 20:30:26 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PlayFirst
[2011.02.25 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PoBros
[2012.08.13 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\ProtectDisc
[2012.02.15 11:31:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\RobinsonCrusoeCER
[2011.12.12 22:48:21 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Runes of Avalon 2
[2011.12.12 22:34:14 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Sahmon Games
[2011.01.08 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\SecretIslandGerman
[2010.12.15 16:36:51 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Settlement. Colossus
[2012.08.12 07:47:25 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\SulusGames
[2011.04.03 21:13:35 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Thinstall
[2010.11.01 19:50:10 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Thunderbird
[2012.08.11 23:36:09 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Try2
[2012.01.19 18:01:13 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Vast Studios
[2011.02.27 10:07:56 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\YoudaGames
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:0EC7A545
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:090FB735
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:AED33A42
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:EEB25EAE
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:5E9B629B

< End of report >
         
--- --- ---

Und von OTL Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.12.2012 21:16:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Arne\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,39% Memory free
6,50 Gb Paging File | 5,03 Gb Available in Paging File | 77,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 837,99 Gb Free Space | 92,05% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,16 Gb Free Space | 55,81% Space Free | Partition Type: NTFS
 
Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 4.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{6EEEF23B-584F-4C3A-B335-E27C3FD620D0}" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{D558A73C-328A-4CBB-B0EC-DDB72599416A}" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{925455BA-EEA2-4108-97F7-440DDC544947}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A412330D-855F-4032-9CF6-DC5142DFF097}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{323B5F3C-4968-4B24-A1B5-69250CA3B064}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{DDFAE053-ECFC-4887-91B6-77D13B56D910}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0A169C69-5012-DAD1-B26D-6AD81A3242A9}" = Catalyst Control Center Localization All
"{0E77B4E0-0D8B-4F93-B419-29CE8498E6B6}" = Simon the Sorcerer - Wer will schon Kontakt?
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1A70582B-651A-402A-A80F-7E09A8D20230}" = Carol Reed 4
"{1C17CC71-2559-4819-88FF-EF2978986BB1}_is1" = 1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34B164BB-87C0-0E98-4B4B-867962CBB5EB}" = CCC Help Italian
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8FA9E6-DE47-98B1-B292-D5BD9D1AC5F4}" = Catalyst Control Center Graphics Previews Vista
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = AT-AR215 USB ADSL MODEM
"{4D07BB5D-7903-53B0-4EE0-F23FB43A3034}" = Catalyst Control Center Graphics Full New
"{5107CFE6-65DB-C1BE-A97B-68C22747AD4F}" = CCC Help English
"{518FBF0D-3BA6-BF84-C949-D301EEA09F08}" = ccc-core-static
"{5E70B619-B3D0-4B50-B57E-5CEBE0201248}_is1" = freundin - Romance of Rome
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60356853-8141-8377-6786-285351479053}" = freundin:Jewel Empire-Hidden Secrets
"{6A53AF94-FB62-528E-93D7-47D927FCBA89}" = Catalyst Control Center InstallProxy
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1" = Robinson Crusoe
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F276611-40A1-71AF-79B2-F896525FA898}" = CCC Help Danish
"{80186A32-8C10-9A90-409B-F83ED7823EA5}" = Catalyst Control Center Graphics Light
"{853E9CDB-711A-533C-E73F-1D87DCCAF5B6}" = Catalyst Control Center Graphics Full Existing
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8730DBBF-3817-FC91-3C5D-A42F535A0C75}" = Catalyst Control Center Core Implementation
"{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963911A3-E0E3-1D9B-CCF1-04607B415F9D}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4A90F5-B7F6-742C-C761-526AD050B601}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DB2B2B1-464C-F7ED-2032-B80A1F2EEA69}" = CCC Help Japanese
"{9E422606-5F50-5D98-D89F-74AF10167A25}" = CCC Help Norwegian
"{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}" = Hollywood - Directors Cut
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD841E2B-2F15-498E-A6C0-2FDF716B2806}_is1" = Big City Mystery
"{ADF60A14-CFC4-7174-D088-E1CFE6663EF3}" = ATI Catalyst Install Manager
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3B58DC8-B030-0AE4-87C2-7721A4A485FA}" = CCC Help German
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C8A6E0DE-B25F-D008-C10F-81DB91224A41}" = ccc-utility
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D83D5D10-CF3E-4FDB-8639-35BC6FCB0F17}" = Carol Reed – Ein Mittsommernachtsmord
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E8E25861-3B27-E2FE-877A-4E19B848EA31}" = CCC Help Spanish
"{E9D9AD46-011D-EC6D-180B-8A0C6835B778}" = CCC Help Swedish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC80F921-2FC6-4AFB-9363-853792B20801}" = Fritz for Fun 6
"{FDE667A3-75BF-4488-912B-6876C53699FA}_is1" = Mahjongg - Ancient Mayas
"{FE6B2A1F-FFA0-9BD0-6C8E-BCA7AEDCFC5E}" = CCC Help Finnish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alabama Smith 2" = Alabama Smith 2
"Amulett der Elfen" = Amulett der Elfen
"Aqua Bubble 2 (VOLLVERSION)" = Aqua Bubble 2 (VOLLVERSION)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.5.3
"BFGC" = Big Fish Games: Game Manager
"BFG-Echoes of the Past - Das Schloss der Schatten" = Echoes of the Past: Das Schloss der Schatten
"BFG-Echoes of the Past - Das versteinerte Koenigshaus" = Echoes of the Past: Das versteinerte Koenigshaus
"BFG-Enlightenus" = Enlightenus
"BFG-Nick Chase and the Deadly Diamond" = Nick Chase and the Deadly Diamond
"BFG-Strange Cases - Das Geheimnis der Tarotkarten" = Strange Cases: Das Geheimnis der Tarotkarten
"Big City Adventure: New York City" = Big City Adventure: New York City (nur deinstallation)
"CCleaner" = CCleaner
"CrossWorlds – Die Stadt in den Wolken" = CrossWorlds – Die Stadt in den Wolken
"Das Geheimnis der Azteken_is1" = Das Geheimnis der Azteken
"Das Herz von Afrika" = Das Herz von Afrika
"Das rätselhafte Kristall-Portal" = Das rätselhafte Kristall-Portal
"Das Smaragd-Riff" = Das Smaragd-Riff
"Das Vermächtnis der Insel" = Das Vermächtnis der Insel
"Das Vermächtnis des Einhorns" = Das Vermächtnis des Einhorns
"Der Stein der Weisen" = Der Stein der Weisen
"Der vergessene Tote_is1" = Der vergessene Tote
"Diamond Drop (VOLLVERSION)" = Diamond Drop (VOLLVERSION)
"Die Abenteuer-Reise" = Die Abenteuer-Reise
"Die Fisch-Oase" = Die Fisch-Oase
"Die Runen Von Avalon 2" = Die Runen Von Avalon 2
"Die Sage von Kolossus" = Die Sage von Kolossus
"Die verborgene Welt der Kunst 2" = Die verborgene Welt der Kunst 2
"Die Wiege Olympias 2" = Die Wiege Olympias 2
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EPSON PERFECTION V30_V300 PHOTO Benutzerhandbuch" = EPSON PERFECTION V30_V300 PHOTO Handbuch
"EPSON Scanner" = EPSON Scan
"Fotobuch_is1" = Fotobuch
"Foxit Reader" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"Gefangen: Die Entführung" = Gefangen: Die Entführung
"Geheime Fälle: Die gestohlene Venus" = Geheime Fälle: Die gestohlene Venus
"Geheime Fälle: Vermisst in Rom" = Geheime Fälle: Vermisst in Rom
"Geheimnis von Montezuma 2" = Geheimnis von Montezuma 2
"Goldfield (VOLLVERSION)" = Goldfield (VOLLVERSION)
"Green Moon_is1" = Green Moon
"Green Valley" = Green Valley
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"Hank" = Hank
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"Holly im Wunderland" = Holly im Wunderland
"ImgBurn" = ImgBurn
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Intelli-studio" = SAMSUNG Intelli-studio
"Jäger des Geisterhauses_is1" = Jäger des Geisterhauses
"Jane Angel" = Jane Angel
"Luxor - Quest For The Afterlife" = Luxor - Quest For The Afterlife
"Magic Encyclopedia 3 - Illusionen" = Magic Encyclopedia 3 - Illusionen
"Mahjongg Artifacts" = Mahjongg Artifacts
"Mahjongg Artifacts 2" = Mahjongg Artifacts 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery Legends - Sleepy Hollow" = Mystery Legends - Sleepy Hollow
"Nightfall Mysteries - Der Fluch der Oper" = Nightfall Mysteries - Der Fluch der Oper
"Odyssee ins Ungewisse" = Odyssee ins Ungewisse
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Ritter Arthur" = Ritter Arthur
"Sam and Max - Season One" = Sam and Max - Season One 1.0
"Sandra Fleming Chronicles – Crystal Skulls" = Sandra Fleming Chronicles – Crystal Skulls
"Schuld und Sühne: Raskolnikov" = Schuld und Sühne: Raskolnikov
"Solitaire Quest 450_is1" = Solitaire Quest 450
"Sommermord_is1" = Sommermord
"Spur der Träume" = Spur der Träume
"Super Puzzle" = Super Puzzle
"Tatort Museum" = Tatort Museum
"Tatort NY: Der Fashion-Krimi" = Tatort NY: Der Fashion-Krimi
"The Enchanted Kingdom: Elisa’s Adventure" = The Enchanted Kingdom: Elisa’s Adventure
"The Hidden Object Show 2" = The Hidden Object Show 2
"Twisted Lands - Die Schattenstadt" = Twisted Lands - Die Schattenstadt
"Waldmeister Sause XXL - Winteredition_is1" = Waldmeister Sause XXL - Winteredition
"Waldmeister Sause XXL_is1" = Waldmeister Sause XXL
"Wimmelbild Mystery Box" = Wimmelbild Mystery Box
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winter Magic Bubbles_is1" = Winter Magic Bubbles
"World of Wimmelbild 2" = World of Wimmelbild 2
"World Voyage" = World Voyage
"Zen Fashion" = Zen Fashion
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.12.2012 17:05:56 | Computer Name = Arne-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 11.12.2012 17:07:17 | Computer Name = Arne-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 11.12.2012 17:08:44 | Computer Name = Arne-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 11.12.2012 17:10:05 | Computer Name = Arne-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 11.12.2012 17:10:45 | Computer Name = Arne-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 11.12.2012 17:14:38 | Computer Name = Arne-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 16.12.2012 16:05:47 | Computer Name = Arne-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 24.12.2012 03:57:41 | Computer Name = Arne-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 26.12.2012 07:21:11 | Computer Name = Arne-PC | Source = Application Hang | ID = 1002
Description = Programm ACDSeePro4.exe, Version 4.0.198.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: aac    Startzeit: 
01cde35a7423c017    Endzeit: 31    Anwendungspfad: C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeePro4.exe

Berichts-ID:
 5696ec2c-4f4e-11e2-82b6-6c626d0f2e07  
 
Error - 27.12.2012 12:19:07 | Computer Name = Arne-PC | Source = System Restore | ID = 8210
Description = 
 
[ System Events ]
Error - 27.12.2012 12:47:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 27.12.2012 12:47:57 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 27.12.2012 12:48:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 27.12.2012 12:48:57 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 27.12.2012 12:49:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 27.12.2012 12:49:57 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 27.12.2012 12:50:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 27.12.2012 12:50:57 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 27.12.2012 13:27:27 | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 27.12.2012 13:27:57 | Computer Name = Arne-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 28.12.2012, 09:28   #4
t'john
/// Helfer-Team
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.12.2012, 12:36   #5
arniek
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Hallo,
habe einen Scan durchgeführt. Er endete mit den Meldungen: Congratulations, no cleanup is required und Scan finished, no malware found. Scheint also alles im Lot zu sein ? Hier zur Sicherheit trotzdem das Logfile:

Malwarebytes Anti-Rootkit 1.01.0.1011
Malwarebytes : Free Anti-Malware download

Database version: v2012.12.28.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Arne :: ARNE-PC [administrator]

28.12.2012 12:24:58
mbar-log-2012-12-28 (12-24-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29030
Time elapsed: 11 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Alt 28.12.2012, 13:32   #6
t'john
/// Helfer-Team
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.


  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.


  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".


  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.


  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.


  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________
--> GVU Trojaner wgsdgsdgdsdsd.dll h1n1

Alt 28.12.2012, 17:08   #7
arniek
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Hallo,
habe combofix zum Laufen gebracht. Allerdings ist das Programm bei mir automatisch im Downloadbereich gespeichert worden (c:\users\Arne\Downloads\ComboFix.exe).

Nachstehend die beiden Logfiles:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-28.02 - Arne 28.12.2012  16:30:21.1.4 - x86
ausgeführt von:: c:\users\Arne\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Arne\AppData\Roaming\ImgBurn.exe
c:\users\Arne\AppData\Roaming\yuvcodecs-1.3.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-28 bis 2012-12-28  ))))))))))))))))))))))))))))))
.
.
2012-12-28 15:35 . 2012-12-28 15:38	--------	d-----w-	c:\users\Arne\AppData\Local\temp
2012-12-28 15:35 . 2012-12-28 15:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-27 18:36 . 2012-12-27 18:36	--------	d-----w-	c:\users\Arne\AppData\Roaming\Malwarebytes
2012-12-27 18:36 . 2012-12-27 18:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-27 18:36 . 2012-12-27 18:36	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-27 18:36 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-27 16:37 . 2012-12-27 16:37	--------	d-----w-	c:\users\Arne\AppData\Roaming\Avira
2012-12-27 16:32 . 2012-11-27 09:01	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-27 16:32 . 2012-11-22 14:51	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-12-27 16:32 . 2012-11-22 14:50	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-27 16:32 . 2012-12-27 16:32	--------	d-----w-	c:\programdata\Avira
2012-12-27 16:32 . 2012-12-27 16:32	--------	d-----w-	c:\program files\Avira
2012-12-26 21:39 . 2012-12-26 21:39	2865	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2012-12-26 11:12 . 2012-12-27 16:16	--------	d-----w-	c:\users\Arne\AppData\Local\ACD Systems
2012-12-26 11:12 . 2012-12-26 11:12	--------	d-----w-	c:\users\Arne\AppData\Roaming\ACD Systems
2012-12-26 11:10 . 2012-12-26 11:10	--------	d-----w-	c:\programdata\ACD Systems
2012-12-26 11:09 . 2012-12-27 16:16	--------	d-----w-	c:\program files\Common Files\ACD Systems
2012-12-26 11:09 . 2012-12-26 11:09	--------	d-----w-	c:\program files\ACD Systems
2012-12-26 11:07 . 2012-12-26 11:07	--------	d-----w-	c:\users\Arne\AppData\Local\Downloaded Installations
2012-12-26 07:38 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5711C434-6E68-4206-BF11-AE21F67D9668}\mpengine.dll
2012-12-21 15:01 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 15:01 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-19 15:36 . 2012-12-19 15:38	--------	d-----w-	c:\users\Arne\AppData\Roaming\ImgBurn
2012-12-15 22:11 . 2012-12-16 20:39	--------	d-----w-	c:\users\Arne\AppData\Roaming\Orneon
2012-12-15 17:33 . 2012-12-15 20:24	--------	d-----w-	c:\program files\Mozilla Thunderbird
2012-12-13 09:45 . 2012-11-22 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-12-11 18:49 . 2012-12-11 18:49	--------	d-----w-	c:\users\Arne\Languages
2012-12-11 18:49 . 2012-03-07 01:18	121376	----a-w-	c:\users\Arne\mp3DirectCut.exe
2012-12-07 19:16 . 2012-11-29 08:26	262112	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 10:39 . 2012-06-16 10:24	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 10:39 . 2011-07-05 18:11	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 07:39 . 2012-11-28 11:23	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-14 16:40 . 2012-10-14 16:40	34936	----a-w-	c:\windows\system32\uninstHelixYUV.exe
2012-10-14 16:39 . 2012-10-14 16:39	7760687	----a-w-	c:\users\Arne\AppData\Roaming\SetupGFD.exe
2012-10-14 16:39 . 2012-10-14 16:39	5243208	----a-w-	c:\users\Arne\AppData\Roaming\AvsP.exe
2012-10-14 16:39 . 2012-10-14 16:39	1357348	----a-w-	c:\users\Arne\AppData\Roaming\MatroskaSplitter.exe
2012-10-14 16:39 . 2012-10-14 16:39	5082084	----a-w-	c:\users\Arne\AppData\Roaming\Avisynth.exe
2012-10-09 17:40 . 2012-11-15 10:16	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 10:16	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-15 10:18	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-15 10:18	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-15 10:18	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-15 10:18	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 10:18	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-15 10:18	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-15 10:18	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-15 10:18	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-11-29 08:26 . 2012-12-07 19:16	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-4-30 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk]
path=c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
backup=c:\windows\pss\runctf.lnk.Startup
backupExtension=.Startup
.
R3 adiusbae;AT-AR215 USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 10:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
IE: Free YouTube Download - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: Interfaces\{5D83F242-C9CA-469F-809D-E2294A1CA395}: NameServer = 89.246.64.8 62.220.18.8
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\wtfjwvog.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=4B2B128A-ECA4-4887-87A7-55E9770DD596&apn_ptnrs=&apn_sauid=D0953A3E-673A-4925-85BA-5FFE12B7B74E&apn_dtid=OSJ000&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-adiras - adiras.exe
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.032"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.abr"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ani"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.apd"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.arw"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bay"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bmp"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bw"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cr2"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.crw"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cs1"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cur"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcr"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcx"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dib"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djv"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djvu"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dng"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.emf"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.eps"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.erf"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fff"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fpx"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.gif"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.hdr"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icl"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icn"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iff"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ilbm"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.int"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.inta"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iw4"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2c"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2k"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jbr"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jfif"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jif"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jp2"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpc"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpe"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpeg"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpg"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpk"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpx"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kdc"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.lbm"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mef"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mos"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mrw"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nef"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nrw"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.orf"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbm"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbr"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcd"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pct"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcx"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pef"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pgm"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pic"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pict"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pix"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.png"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ppm"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psd"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psp"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspbrush"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspimage"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raf"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ras"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raw"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgb"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgba"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rle"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rsb"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rw2"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rwl"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sgi"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sr2"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srf"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tga"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.thm"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tif"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tiff"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttc"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttf"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbm"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbmp"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wmf"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xbm"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xif"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xmp"
.
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-28  16:42:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-28 15:42
.
Vor Suchlauf: 8 Verzeichnis(se), 900.197.240.832 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 900.320.854.016 Bytes frei
.
- - End Of File - - CA6C14507A2FD8227C93FFB2DCFFB297
         
--- --- ---

1
ABBYY FineReader 6.0 Sprint
ACDSee Pro 4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.5
Alabama Smith 2
Albelli Fotobücher
AMD USB Filter Driver
Amulett der Elfen
Aqua Bubble 2 (VOLLVERSION)
Ask Toolbar
Ask Toolbar Updater
AT-AR215 USB ADSL MODEM
ATI Catalyst Install Manager
Avira Free Antivirus
AviSynth 2.6
AvsP
Big City Adventure: New York City (nur deinstallation)
Big City Mystery
Big Fish Games: Game Manager
Bing Bar
Carol Reed 4
Carol Reed – Ein Mittsommernachtsmord
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
CCleaner
CDBurnerXP
CrossWorlds – Die Stadt in den Wolken
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD Copy
Das Geheimnis der Azteken
Das Herz von Afrika
Das rätselhafte Kristall-Portal
Das Smaragd-Riff
Das Vermächtnis der Insel
Das Vermächtnis des Einhorns
Der Stein der Weisen
Der vergessene Tote
DEUTSCHLAND SPIELT GAME CENTER
Diamond Drop (VOLLVERSION)
Die Abenteuer-Reise
Die Fisch-Oase
Die Runen Von Avalon 2
Die Sage von Kolossus
Die verborgene Welt der Kunst 2
Die Wiege Olympias 2
DVD slideshow GUI 0.9.5.3
Echoes of the Past: Das Schloss der Schatten
Echoes of the Past: Das versteinerte Koenigshaus
Enlightenus
Epson Copy Utility 3.4
Epson Event Manager
EPSON PERFECTION V30_V300 PHOTO Handbuch
EPSON Scan
Firebird SQL Server - MAGIX Edition
Fotobuch
Foxit Reader
Free YouTube Download version 3.1.40.1031
Free YouTube to MP3 Converter version 3.11.35.1031
freundin - Romance of Rome
freundin:Jewel Empire-Hidden Secrets
Fritz for Fun 6
Gefangen: Die Entführung
Geheime Fälle: Die gestohlene Venus
Geheime Fälle: Vermisst in Rom
Geheimnis von Montezuma 2
Goldfield (VOLLVERSION)
Green Moon
Green Valley
GUI for dvdauthor 1.07
Haali Media Splitter
Hank
Helix YUV Codecs (remove only)
Holly - Ein Weihnachtsmärchen
Holly im Wunderland
Hollywood - Directors Cut
ImgBurn
Jane Angel
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 34
Jäger des Geisterhauses
Junk Mail filter update
Luxor - Quest For The Afterlife
Magic Encyclopedia 3 - Illusionen
Mahjongg - Ancient Mayas
Mahjongg Artifacts
Mahjongg Artifacts 2
Malwarebytes Anti-Malware Version 1.65.1.1000
Medion Home Cinema
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [DEU]
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0 (x86 de)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Legends - Sleepy Hollow
Nick Chase and the Deadly Diamond
Nightfall Mysteries - Der Fluch der Oper
Odyssee ins Ungewisse
OGA Notifier 2.0.0048.0
PC Connectivity Solution
phonostar-Player Version 3.02.0
PlayReady PC Runtime x86
ProtectDisc Driver, Version 11
Realtek High Definition Audio Driver
Ritter Arthur
Robinson Crusoe
Sam and Max - Season One 1.0
SAMSUNG Intelli-studio
Sandra Fleming Chronicles – Crystal Skulls
Schuld und Sühne: Raskolnikov
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Sid Meier's Pirates!
Simon the Sorcerer - Wer will schon Kontakt?
Solitaire Quest 450
Sommermord
Spelling Dictionaries Support For Adobe Reader 9
Spur der Träume
Strange Cases: Das Geheimnis der Tarotkarten
Super Puzzle
Tatort Museum
Tatort NY: Der Fashion-Krimi
The Enchanted Kingdom: Elisa’s Adventure
The Hidden Object Show 2
Twisted Lands - Die Schattenstadt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual C++ 9.0 CRT (x86) WinSXS MSM
Waldmeister Sause XXL
Waldmeister Sause XXL - Winteredition
Wimmelbild Mystery Box
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID-Anmelde-Assistent
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Winter Magic Bubbles
World of Wimmelbild 2
World Voyage
Zen Fashion

Alt 28.12.2012, 20:32   #8
t'john
/// Helfer-Team
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Sehr gut!


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.12.2012, 15:37   #9
arniek
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Hier das Logfile vom Scan mit dem ESET Online Scanner:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f9e220f3c5663b41b64be5c334a3902a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-29 01:07:58
# local_time=2012-12-29 02:07:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 15489 222209768 8271 0
# compatibility_mode=5893 16776574 100 94 228497 108417669 0 0
# scanned=245428
# found=5
# cleaned=5
# scan_time=11478
C:\Windows\pss\runctf.lnk.Startup Win32/Reveton.M trojan (cleaned by deleting - quarantined) A14A4BBF136D921A40AFA6692E7091EAF13D5402 C
J:\ARNE-PC\Backup Set 2011-02-06 115244\Backup Files 2011-02-06 115244\Backup files 1.zip Java/TrojanDownloader.OpenStream.NAX trojan (deleted - quarantined) 8744ED2A9440C90149FFB485AF4DB46A4C48D787 C
J:\ARNE-PC\Backup Set 2011-08-21 192818\Backup Files 2011-08-21 192818\Backup files 1.zip Java/TrojanDownloader.OpenStream.NAX trojan (deleted - quarantined) 6C6C986DE6FAC3E059B11FAFE51B2CE136736F41 C
J:\ARNE-PC\Backup Set 2011-08-21 192818\Backup Files 2012-07-08 211158\Backup files 2.zip a variant of Java/Exploit.CVE-2012-0507.CC trojan (deleted - quarantined) 254F19531D1B8D417748B12F2558DDC80CEB0EB4 C
J:\ARNE-PC\Backup Set 2012-12-02 190000\Backup Files 2012-12-02 190000\Backup files 2.zip a variant of Java/Exploit.CVE-2012-0507.CC trojan (deleted - quarantined) 19D3C961E0E8C076C911D7E1C9346912B665768D C

Alt 29.12.2012, 17:10   #10
t'john
/// Helfer-Team
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 10 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.12.2012, 18:05   #11
arniek
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Hallo,
habe die Aktualisierungen vonm Java vorgenommen. Hier sind nun noch die gewünschten Posts:

PluginCheck 1

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 17.0 ist aktuell

Flash (11,5,502,135) ist aktuell.

Java (1,7,0,10) ist aktuell.

Adobe Reader ist nicht installiert oder aktiviert.

Zurück

PluginCheck2

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 17.0 ist aktuell

Flash (11,5,502,135) ist aktuell.

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader ist nicht installiert oder aktiviert.

Alt 30.12.2012, 09:39   #12
t'john
/// Helfer-Team
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.12.2012, 12:45   #13
arniek
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Prima ! Vielen Dank für Deine bisherige Hilfe. Wäre sonst wohl hoffnungslos aufgeschmissen gewesen. Werde Eure allgemeinen Tipps künftig auf jeden Fall beherzigen.
Eine letzte Frage hätte ich dann allerdings doch noch:
Wenn ich unter "msconfig" den Reiter Systemstart aufrufe findet sich unter den Befehlen immer noch folgende Zeile "C:\Windows\System32\rundll32.exe C:\Users\Arne\wgsdgsdgdsdsd.dll h1n1"
Diese Zeile ist allerdings deaktiviert (kein Haken).
Als Ort ist "C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" angegeben. Habe über den Windows-Explorer versucht, da mal nachzuschauen. Diese Ordner sind aber so gar nicht vorhanden.

Alt 30.12.2012, 14:09   #14
t'john
/// Helfer-Team
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Scan mit SystemLook

Hiermit prüfe ich, ob für diese Infektion übliche Einträge noch vorhanden sind. Das Tool ändert nichts, wirft mir nur die nötigen Infos aus.

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop (falls noch nicht vorhanden).

Download Mirror #1

User mit 64Bit-Windows-Versionen benutzen diese Version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
    Vista- und Windows 7-User unbedingt mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :regfind 
    wgsdgsdgdsdsd.dll
    
    :folderfind 
    wgsdgsdgdsdsd.dll
    
    :filefind 
    wgsdgsdgdsdsd.dll
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
__________________
Mfg, t'john
Das TB unterstützen

Alt 30.12.2012, 19:02   #15
arniek
 
GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Standard

GVU Trojaner wgsdgsdgdsdsd.dll h1n1



Hallo,
hier die Textdatei aus dem Scan mit SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:59 on 30/12/2012 by Arne
Administrator - Elevation successful

========== regfind ==========

Searching for "wgsdgsdgdsdsd.dll"
No data found.

========== folderfind ==========

Searching for "wgsdgsdgdsdsd.dll"
No folders found.

========== filefind ==========

Searching for "wgsdgsdgdsdsd.dll"
No files found.

-= EOF =-

Antwort

Themen zu GVU Trojaner wgsdgsdgdsdsd.dll h1n1
antivir, aufforderung, bekannte, bestimmte, bestimmten, einfach, eingefangen, gefangen, gefunde, häufig, meldung, modul, neustart, programm, start, trojan.backdoor, trojaner, versucht, virenprogramm, virus, windows, windows 7, zicken





Zum Thema GVU Trojaner wgsdgsdgdsdsd.dll h1n1 - Hallo, habe mir wohl auch leider den Virus, der hier schon häufig als "GVU-Trojaner" bezeichnet worden ist, eingefangen, Nach dem Start des Computers kam der bekannte Bildshcirm mit der Aufforderung - GVU Trojaner wgsdgsdgdsdsd.dll h1n1...
Archiv
Du betrachtest: GVU Trojaner wgsdgsdgdsdsd.dll h1n1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.