PUP.InstallBrain gefunden

seb-soft · 26.03.2013, 14:00

Hallo, bin seit heute angemeldet und wünsche allen erstmal einen schönen Tag.

Code:

ATTFilter

DefroggerScan:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:11 on 26/03/2013 (seb)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

----------------------------------------------------------------
Ein Scan mit Malwarebytes hat bei mir folgendes Ergebnis gebracht.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx-PC [Administrator]

26.03.2013 12:30:31
mbam-log-2013-03-26 (12-30-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236024
Laufzeit: 3 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

OTL logfile created on: 26.03.2013 13:28:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop\Sicherheit
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 64,12% Memory free
15,99 Gb Paging File | 14,40 Gb Available in Paging File | 90,03% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142E:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 234,45 Gb Total Space | 203,78 Gb Free Space | 86,92% Space Free | Partition Type: NTFS
Drive D: | 4,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 97,65 Gb Total Space | 43,95 Gb Free Space | 45,00% Space Free | Partition Type: NTFS
Drive F: | 833,85 Gb Total Space | 225,19 Gb Free Space | 27,01% Space Free | Partition Type: NTFS
Drive H: | 718,47 Gb Total Space | 704,16 Gb Free Space | 98,01% Space Free | Partition Type: NTFS
Drive I: | 244,14 Gb Total Space | 244,04 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive J: | 200,20 Gb Total Space | 200,11 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
 
Computer Name: SEB-PC | User Name: seb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.26 13:26:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\Sicherheit\OTL.exe
PRC - [2013.03.08 10:37:28 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.01.09 17:24:50 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2013.01.09 17:00:21 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012.07.10 12:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.05.23 19:17:26 | 000,328,328 | ---- | M] (TeVii Technology Ltd.) -- C:\Windows\TeViiRC.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.11.10 19:43:58 | 000,906,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009.11.10 19:36:22 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009.11.10 19:30:14 | 001,352,480 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2006.05.31 22:55:42 | 001,368,064 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
PRC - [2001.05.30 14:01:10 | 000,524,800 | ---- | M] (LogoSoft) -- H:\Neu-Install-7\Passwort_Tresor\Tresor\Tresor.exe
PRC - [1998.05.29 00:00:00 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.08 10:37:27 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.11.26 18:33:14 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\RegistryBooster\cache.dll
MOD - [2009.11.10 17:39:32 | 001,332,576 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.22 22:28:55 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 10:37:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.11.10 19:37:02 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.05 17:56:04 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013.01.05 17:56:04 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2013.01.05 17:55:49 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013.01.05 17:55:43 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.12.18 18:02:15 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.23 19:17:24 | 000,149,128 | ---- | M] (TeVii Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeViiS2.sys -- (SAllBDA)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.01 20:41:00 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1998.05.07 00:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)
DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.sys -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=114506&tt=0313_2&babsrc=HP_clro&mntrId=901a51a9000000000000c860006d115b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 D0 48 C5 53 EB CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=0313_2&babsrc=SP_clro&mntrId=901a51a9000000000000c860006d115b
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://dignfight.de/index.php?co=login&msg="
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.22 13:32:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 10:37:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.05 15:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2013.03.24 20:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\crx2l4n9.default\extensions
[2013.03.24 20:37:57 | 000,349,484 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\crx2l4n9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.03.05 15:58:01 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\crx2l4n9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.03.05 14:42:06 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\crx2l4n9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.14 23:21:49 | 000,001,300 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\crx2l4n9.default\searchplugins\claro.xml
[2013.03.08 10:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.22 13:32:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.03.08 10:37:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.14 23:21:37 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~2\FlashGet\jccatch.dll (FlashGet)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll (Amaze Soft)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [TeViiRC] C:\Windows\TeViiRC.exe (TeVii Technology Ltd.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKCU..\Run: [Exetender_148] "C:\Program Files (x86)\FreeRide Games\GPlayer.exe" /runonstartup File not found
O4 - HKCU..\Run: [FreeYTVDownloader] C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe (FlashGet.com)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095}  (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC5B5B32-40DC-43D2-819D-628FB22A8606}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.26 12:28:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2013.03.26 12:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.26 12:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.26 12:28:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.26 12:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.26 12:28:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Programs
[2013.03.09 09:50:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\WinTVCap_GUI
[2013.03.09 09:49:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ElevatedDiagnostics
[2013.03.08 10:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.06 10:25:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\File Scout
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.26 13:11:34 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2013.03.26 10:28:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.26 01:23:30 | 000,000,296 | ---- | M] () -- C:\Users\xxx\Desktop\[PinSimDB.org] Pinball Future Pinball.URL
[2013.03.26 00:53:57 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013.03.25 11:29:34 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013.03.24 21:04:08 | 001,465,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.24 21:04:08 | 000,639,314 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.24 21:04:08 | 000,605,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.24 21:04:08 | 000,124,870 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.24 21:04:08 | 000,102,384 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.24 21:03:07 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 21:03:07 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 21:00:19 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.03.24 21:00:19 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.03.24 21:00:19 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.03.24 20:57:50 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.24 12:00:13 | 000,001,533 | ---- | M] () -- C:\Users\xxx\Desktop\Dopplerfriends.lnk
[2013.03.22 13:32:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.03.13 12:29:32 | 000,001,024 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.let
[2013.03.12 17:05:42 | 000,007,604 | ---- | M] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2013.03.09 09:49:35 | 000,001,955 | ---- | M] () -- C:\Users\xxx\Desktop\Ruhezustand.lnk
[2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.03.07 00:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.03.07 00:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.03.07 00:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.03.07 00:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.03.06 13:28:02 | 000,000,228 | ---- | M] () -- C:\Users\xxx\Desktop\Speedport.URL
[2013.03.05 16:09:53 | 000,351,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.26 00:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
 
========== Files Created - No Company Name ==========
 
[2013.03.26 13:11:34 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2013.03.22 13:32:05 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.22 13:32:04 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.13 12:28:32 | 000,001,024 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.let
[2013.03.06 13:28:02 | 000,000,228 | ---- | C] () -- C:\Users\xxx\Desktop\Speedport.URL
[2013.02.11 23:31:04 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.02.11 23:27:23 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.02.11 23:27:23 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.02.11 23:27:23 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.02.11 10:31:03 | 000,007,604 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2013.01.11 15:59:19 | 000,011,776 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.11 10:42:12 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2013.01.11 10:42:07 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013.01.11 10:31:47 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2013.01.10 18:14:45 | 000,001,066 | ---- | C] () -- C:\Windows\SysWow64\akpsll.dll
[2013.01.10 16:46:50 | 000,001,130 | ---- | C] () -- C:\Windows\PVAStrumento.ini
[2013.01.10 15:57:10 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013.01.10 13:54:44 | 001,585,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.06 13:15:05 | 000,000,010 | ---- | C] () -- C:\Windows\winfile.ini
[2013.01.05 18:14:14 | 000,000,660 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.01.05 15:15:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.01.05 15:14:55 | 000,015,501 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 

[2013.01.10 16:19:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\AnvSoft
[2013.01.11 23:07:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2013.01.11 20:08:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canneverbe Limited
[2013.01.07 22:24:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CheckPoint
[2013.01.10 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2013.01.10 14:38:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.06 10:25:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\File Scout
[2013.01.15 14:23:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FLVPlayerPackages
[2013.01.12 00:23:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\IrfanView
[2013.01.12 21:50:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Jardinains 2!
[2013.01.10 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MC-TVConverter
[2013.01.10 14:11:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Moyea
[2013.01.10 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag
[2013.01.14 23:42:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PerformerSoft
[2013.01.10 01:16:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScummVM
[2013.03.09 09:17:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TEST_WinTVCap_GUI
[2013.01.06 23:12:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ThumbsPlus
[2013.01.11 23:08:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2013.03.26 13:28:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TV-Browser
[2013.01.09 17:24:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Uniblue
[2013.03.26 00:53:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WinTVCap_GUI
 
========== Purity Check ==========
< End of report >

Bei mir wurde durch OTL kein Extra Logfile generiert !

Vorab schon mal vielen Dank für Eure Hilfe
Gruss

ryder · 26.03.2013, 14:06

!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.

Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:

Bitte lesen:
Regeln für die Bereinigung

Illegal genutzte Software
Beim ersten Anzeichen wird der Support ohne Diskussion eingestellt. Also sorge bitte vorher dafür, dass hier nichts mehr auftaucht.
Keine Garantie
Wir werden uns Mühe geben, aber einen 100% sicheren und sauberen Computer bekommst du nicht zurück. Der einzig sichere Weg ist die Formatierung mit Neuaufsetzen.
Keine Alleingänge
Die Bereinigung funktioniert nur, wenn du genau das machst, was ich anweise. Installiere/deinstalliere keine Software, führe keine Scans durch, die ich dir nicht angewiesen habe. Poste dein Thema in keinem anderen Forum und folge nicht den Anweisungen anderer Helfer. Du raubst damit allen Beteiligten nur Zeit.
Aufmerksam lesen und nachfragen
Lies jede Anleitung genau durch. Bei Unklarheiten bitte vorher nachfragen. Arbeite die Schritte in der Reihenfolge ab und antworte dann erst nach dem letzten Schritt oder wenn du eine Frage hast.
Richtig antworten
- Nachdem du alle Schritte abgearbeitet hast gibst du mir bitte zu jedem Schritt eine Rückmeldung (Logfile oder Antwort) und das gesammelt in einer Antwort.
- Mache deinen Namen nur dann unkenntlich, wenn es wirklich sein muss.
- Logfiles bitte zwischen Code-Tags platzieren (im Antwortfenster das #-Symbol anklicken) sieht dann so aus:
  [CODE] (Logfile) [/CODE]
- Hinweis in eigener Sache: Angehängte oder gezippte Logfiles erschweren mir die Arbeit massiv! Mache das also nur, wenn das Logfile zu groß ist, um es direkt zu posten.
Keine privaten Nachrichten
Ich sehe es, wenn du geantwortet hast, du mußt mich nicht benachrichtigen. Schicke mir nur dann eine PM wenn ich drei Tage nicht geantwortet habe und nur dann.
Wie läuft die Bereinigung ab?
Ganz grob: Analyse > Bereinigung > Kontrolle mit Updates > Fertig. Ob fertig oder nicht werde ich dir ganz deutlich mitteilen, du brauchst nicht nachzufragen.

Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstallation von Programmen

Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren

Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren

ggf. Neustart zulassen

Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
CCleaner oder andere Registry-Cleaner, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall, McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater, FireJump, SearchAnonymizer,

Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3:
Temporäre Dateien löschen mit TFC

Bitte lade dir TFC auf deinen Desktop und starte es. Es wird automatisch alle temporären Dateien entfernen.

Schritt 4:
Scan mit DDS+ (mit attach)

Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.

dds.com
Schließe alle laufenden Programme und starte DDS mit Doppelklick.

Der Desktop wird verschwinden, das ist normal.

Stelle folgendes ein:

[X] dds.txt
[X] attach.txt
[ ] options for dds.txt

Ändere keine Einstellung ohne Anweisung.

Klicke auf Start.

Es werden 2 Logfiles auf deinem Desktop erstellt.
dds.txt

attach.txt

Poste die beiden Logfile hier, möglichst in CODE-Tags.

seb-soft · 26.03.2013, 14:36

Vielen Dank. Mache mich dann mal an die Arbeit.

Adwcleaner Logdatei:

Code:

ATTFilter

# AdwCleaner v2.115 - Logfile created 03/26/2013 at 14:32:17
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : seb - SEB-PC
# Boot Mode : Normal
# Running from : H:\Neu-Install-7\Viren\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\crx2l4n9.default\searchplugins\claro.xml
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\xxx\AppData\Local\PackageAware
Folder Deleted : C:\Users\xxx\AppData\Local\Wajam
Folder Deleted : C:\Users\xxx\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\xxx\AppData\Roaming\Babylon
Folder Deleted : C:\Users\xxx\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\xxx\AppData\Roaming\file scout
Folder Deleted : C:\Users\xxx\AppData\Roaming\PerformerSoft

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\526df88b13dbd48
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\526df88b13dbd48
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKU\S-1-5-21-3122927800-2970940714-3403948491-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=114506&tt=0313_2&babsrc=HP_clro&mntrId=901a51a9000000000000c860006d115b --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\crx2l4n9.default\prefs.js

C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\crx2l4n9.default\user.js ... Deleted !

Deleted : user_pref("CT3075125_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3075125&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3075125");
Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114506&tt=0313_2&babsrc=[...]
Deleted : user_pref("avg.install.userSPSettings", "Claro Search");
Deleted : user_pref("browser.search.selectedEngine", "Claro Search");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117423&tt=021[...]
Deleted : user_pref("extensions.claro.admin", false);
Deleted : user_pref("extensions.claro.aflt", "babsst");
Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Deleted : user_pref("extensions.claro.autoRvrt", "false");
Deleted : user_pref("extensions.claro.dfltLng", "en");
Deleted : user_pref("extensions.claro.excTlbr", false);
Deleted : user_pref("extensions.claro.id", "901a51a9000000000000c860006d115b");
Deleted : user_pref("extensions.claro.instlDay", "15719");
Deleted : user_pref("extensions.claro.instlRef", "sst");
Deleted : user_pref("extensions.claro.prdct", "claro");
Deleted : user_pref("extensions.claro.prtnrId", "claro");
Deleted : user_pref("extensions.claro.rvrt", "false");
Deleted : user_pref("extensions.claro.tlbrId", "claro");
Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Deleted : user_pref("extensions.claro.vrsn", "1.8.8.5");
Deleted : user_pref("extensions.claro.vrsni", "1.8.8.5");
Deleted : user_pref("extensions.claro_i.excTlbr", false);
Deleted : user_pref("extensions.claro_i.newTab", false);
Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.8.523:21:47");

*************************

AdwCleaner[S1].txt - [6283 octets] - [26/03/2013 14:32:17]

########## EOF - C:\AdwCleaner[S1].txt - [6343 octets] ##########

Attach Datei:

[CODE].
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:

Code:

ATTFilter

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 05.01.2013 15:11:59
System Uptime: 26.03.2013 14:47:47 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5G41T-M LX2/GB
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | LGA775 | 2382/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 234 GiB total, 203,964 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 98 GiB total, 43,947 GiB free.
F: is FIXED (NTFS) - 834 GiB total, 225,201 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 718 GiB total, 704,159 GiB free.
I: is FIXED (NTFS) - 244 GiB total, 244,044 GiB free.
J: is FIXED (NTFS) - 200 GiB total, 200,109 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-Teredo-Tunneling-Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP64: 22.03.2013 22:38:24 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
2.1.0
AC3Filter (remove only)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Audacity 1.2.6
Audials
Audials TV
avast! Free Antivirus
Aztec Bricks
Canon iP4300
CDBurnerXP
DivX Codec 3.1alpha release
Empire Earth
Exifer
FileKiller
FlashGet(JetCar)
Free Studio version 5.3.1
Future Pinball
Google Earth
Google Update Helper
Guardian Of Data v1.0
HijackThis 1.99.1
InstallShield für Microsoft Visual C++ 6
Jardinains 2! Lite Version 1.1
Java 7 Update 11
Java Auto Updater
Malwarebytes Anti-Malware Version 1.70.0.1100
Microsoft Office XP Professional mit FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 6.0 Professional Edition (Deutsch)
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.53
Moyea YouTube FLV Downloader version: 3.1.2.26
Mozilla Firefox 19.0.2 (x86 de)
Mozilla Maintenance Service
Mp3tag v2.53
MSDN Library - Visual Studio 6.0a (Deutsch)
myTeVii
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Platform
Seagate DiscWizard
Security Task Manager 1.8d
Uniblue SpeedUpMyPC
VBEx32 2.1.01
VIA Plattform-Geräte-Manager
VLC media player 2.0.5
ZoneAlarm LTD Toolbar
.
==== End Of File ===========================

DDS - Datei:

Code:

ATTFilter

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.11.2
Run by seb at 14:58:19 on 2013-03-26
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.4095.2892 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Windows\TeViiRC.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: IeCatch5 Class: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\Jccatch.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: CatcherBHO Class: {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: FlashGet Bar: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\fgiebar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [FreeYTVDownloader] C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
uRun: [Exetender_148] "C:\Program Files (x86)\FreeRide Games\GPlayer.exe" /runonstartup
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: Free YouTube Download - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{AC5B5B32-40DC-43D2-819D-628FB22A8606} : DHCPNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
AppInit_DLLs= c:\progra~3\browse~1\261070~1.41\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 relog_ap
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [TeViiRC] C:\Windows\TeViiRC.exe
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\crx2l4n9.default\
FF - prefs.js: browser.startup.homepage - hxxp://dignfight.de/index.php?co=login&msg=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-02-12 15:06; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-22 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-12 377920]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-12 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-22 45248]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-11-10 606048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 SAllBDA;TeVii DVB-S/S2 Receiver;C:\Windows\System32\drivers\TeViiS2.sys [2013-1-15 149128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-1-5 1349232]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-22 178624]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-5 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-11 59392]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-03-26 11:28:47	--------	d-----w-	C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-03-26 11:28:33	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-03-26 11:28:31	24176	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-03-26 11:28:31	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-26 11:28:21	--------	d-----w-	C:\Users\xxx\AppData\Local\Programs
2013-03-22 12:32:05	178624	----a-w-	C:\Windows\System32\drivers\aswVmm.sys
2013-03-22 12:32:04	65336	----a-w-	C:\Windows\System32\drivers\aswRvrt.sys
2013-03-13 11:28:32	2832736	----a-w-	C:\Windows\System32\AutoPartNt.exe
2013-03-09 08:50:07	--------	d-----w-	C:\Users\xxx\AppData\Roaming\WinTVCap_GUI
2013-03-09 08:49:51	--------	d-----w-	C:\Users\xxx\AppData\Local\ElevatedDiagnostics
2013-03-05 13:48:38	2776576	----a-w-	C:\Windows\System32\msmpeg2vdec.dll
2013-03-05 13:46:21	3153408	----a-w-	C:\Windows\System32\win32k.sys
2013-03-05 13:45:23	1913192	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2013-03-05 13:45:22	376688	----a-w-	C:\Windows\System32\drivers\netio.sys
2013-03-05 13:45:22	288088	----a-w-	C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-05 13:45:19	68608	----a-w-	C:\Windows\System32\taskhost.exe
2013-03-05 13:43:45	215040	----a-w-	C:\Windows\System32\winsrv.dll
2013-03-05 13:43:45	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2013-03-05 13:43:44	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2013-03-05 13:43:44	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2013-03-05 13:43:44	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2013-03-05 13:43:41	2048	----a-w-	C:\Windows\SysWow64\user.exe
2013-03-05 13:43:35	5553512	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-03-05 13:43:34	3967848	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-05 13:43:33	3913064	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
.
==================== Find3M  ====================
.
2013-03-24 20:00:19	21840	----atw-	C:\Windows\SysWow64\SIntfNT.dll
2013-03-24 20:00:19	17212	----atw-	C:\Windows\SysWow64\SIntf32.dll
2013-03-24 20:00:19	12067	----atw-	C:\Windows\SysWow64\SIntf16.dll
2013-03-22 21:28:54	73432	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-22 21:28:54	693976	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33:21	70992	----a-w-	C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 23:33:21	1025808	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20	80816	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51	41664	----a-w-	C:\Windows\avastSS.scr
2013-02-18 08:22:18	31080	----a-w-	C:\Windows\System32\nvhdap64.dll
2013-02-18 08:22:18	1472360	----a-w-	C:\Windows\System32\nvhdagenco6420103.dll
2013-02-18 08:22:16	189288	----a-w-	C:\Windows\System32\drivers\nvhda64v.sys
2013-02-11 22:14:16	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2013-02-11 22:14:15	175616	----a-w-	C:\Windows\System32\msclmd.dll
2013-01-18 15:00:28	6390048	----a-w-	C:\Windows\System32\nvcpl.dll
2013-01-18 15:00:28	3460896	----a-w-	C:\Windows\System32\nvsvc64.dll
2013-01-18 15:00:11	884512	----a-w-	C:\Windows\System32\nvvsvc.exe
2013-01-18 15:00:11	63776	----a-w-	C:\Windows\System32\nvshext.dll
2013-01-18 15:00:11	2953448	----a-w-	C:\Windows\System32\nvcoproc.bin
2013-01-18 15:00:11	2558240	----a-w-	C:\Windows\System32\nvsvcr.dll
2013-01-18 15:00:11	118560	----a-w-	C:\Windows\System32\nvmctray.dll
2013-01-18 07:15:24	550176	----a-w-	C:\Windows\SysWow64\nvStreaming.exe
2013-01-13 21:17:03	9728	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02	2560	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42	10752	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46	3584	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21	4096	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07	5632	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07	3072	---ha-w-	C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31	9728	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31	2560	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18	10752	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07	3584	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48	4096	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41	5632	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40	5632	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40	3072	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40	3072	---ha-w-	C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00	1247744	----a-w-	C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22	1988096	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31	293376	----a-w-	C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00	249856	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43	220160	----a-w-	C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35	1504768	----a-w-	C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04	1643520	----a-w-	C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28	1175552	----a-w-	C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01	604160	----a-w-	C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58	207872	----a-w-	C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14	187392	----a-w-	C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30	2565120	----a-w-	C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17	363008	----a-w-	C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47	161792	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25	1080832	----a-w-	C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21	1230336	----a-w-	C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39	333312	----a-w-	C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32	1887232	----a-w-	C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21	296960	----a-w-	C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57	3419136	----a-w-	C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04	245248	----a-w-	C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33	648192	----a-w-	C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30	221184	----a-w-	C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42	194560	----a-w-	C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04	1238528	----a-w-	C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40	1424384	----a-w-	C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36	3928064	----a-w-	C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06	417792	----a-w-	C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58	364544	----a-w-	C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43	465920	----a-w-	C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52	522752	----a-w-	C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42	1158144	----a-w-	C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09	1682432	----a-w-	C:\Windows\System32\XpsPrint.dll
2013-01-12 02:30:18	95648	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-11 10:13:31	67072	------w-	C:\Windows\SysWow64\ieframe.oca
2013-01-11 10:13:31	241664	------w-	C:\Windows\SysWow64\COMCTL32.oca
2013-01-11 10:13:30	44032	------w-	C:\Windows\SysWow64\TABCTL32.oca
2013-01-10 17:15:02	1066	------w-	C:\Windows\SysWow64\akpsll.dll
2013-01-10 16:20:10	253952	------w-	C:\Windows\Setup1.exe
2013-01-10 16:20:09	74752	----a-w-	C:\Windows\ST6UNST.EXE
2013-01-10 14:57:09	4608	------w-	C:\Windows\SysWow64\w95inf32.dll
2013-01-10 14:57:09	2272	------w-	C:\Windows\SysWow64\w95inf16.dll
2013-01-06 15:36:17	859072	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-01-06 15:36:17	779704	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-01-05 16:56:04	81952	----a-w-	C:\Windows\System32\drivers\tifsfilt.sys
2013-01-05 16:56:04	711712	----a-w-	C:\Windows\System32\drivers\timntr.sys
2013-01-05 16:55:49	235040	----a-w-	C:\Windows\System32\drivers\snapman.sys
2013-01-05 16:55:43	593952	----a-w-	C:\Windows\System32\drivers\tdrpman.sys
2013-01-04 06:11:21	2284544	----a-w-	C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 04:43:21	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
.
============= FINISH: 14:59:00,53 ===============

--- --- ---

ryder · 26.03.2013, 18:45

Gut, dann weiter:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

seb-soft · 26.03.2013, 19:22

Hallo, da bin ich wieder

ComboFix ist durchgelaufen (ohne zu Meckern).
Hier das Logfile:

Code:

ATTFilter

ComboFix 13-03-26.01 - seb 26.03.2013  19:00:23.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.4095.2958 [GMT 1:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-26 bis 2013-03-26  ))))))))))))))))))))))))))))))
.
.
2013-03-26 11:28 . 2013-03-26 11:28	--------	d-----w-	c:\Users\xxx\AppData\Roaming\Malwarebytes
2013-03-26 11:28 . 2013-03-26 11:28	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-26 11:28 . 2013-03-26 11:28	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-26 11:28 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-26 11:28 . 2013-03-26 11:28	--------	d-----w-	c:\Users\xxx\AppData\Local\Programs
2013-03-22 12:32 . 2013-03-06 23:33	178624	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-03-22 12:32 . 2013-03-06 23:33	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 11:28 . 2013-03-13 11:28	2832736	----a-w-	c:\windows\system32\AutoPartNt.exe
2013-03-09 08:50 . 2013-03-25 23:53	--------	d-----w-	c:\Users\xxx\AppData\Roaming\WinTVCap_GUI
2013-03-09 08:49 . 2013-03-09 08:49	--------	d-----w-	c:\Users\xxx\AppData\Local\ElevatedDiagnostics
2013-03-05 13:46 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-03-05 13:45 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-03-05 13:45 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-05 13:45 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2013-03-05 13:45 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-03-05 13:43 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-03-05 13:43 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-03-05 13:43 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-03-05 13:43 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-03-05 13:43 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-03-05 13:43 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-03-05 13:43 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-05 13:43 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-05 13:43 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 20:00 . 2013-02-11 22:27	21840	----atw-	c:\windows\SysWow64\SIntfNT.dll
2013-03-24 20:00 . 2013-02-11 22:27	17212	----atw-	c:\windows\SysWow64\SIntf32.dll
2013-03-24 20:00 . 2013-02-11 22:27	12067	----atw-	c:\windows\SysWow64\SIntf16.dll
2013-03-22 21:28 . 2013-01-10 12:19	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-22 21:28 . 2013-01-10 12:19	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33 . 2013-02-12 13:56	377920	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2013-02-12 13:56	70992	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-02-12 13:56	68920	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2013-02-12 13:56	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-02-12 13:56	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2013-02-12 13:56	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2013-02-12 13:54	41664	----a-w-	c:\windows\avastSS.scr
2013-03-06 23:32 . 2013-02-12 13:56	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-03-05 13:59 . 2013-01-05 15:40	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-25 23:32 . 2012-10-10 20:22	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 23:32 . 2012-10-10 20:22	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2012-10-10 20:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 23:32 . 2012-10-10 20:23	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-18 08:22 . 2013-02-18 08:22	31080	----a-w-	c:\windows\system32\nvhdap64.dll
2013-02-18 08:22 . 2013-02-18 08:22	1472360	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 08:22 . 2013-02-18 08:22	189288	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-02-11 22:14 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-02-11 22:14 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-01-18 15:00 . 2013-01-05 14:46	6390048	----a-w-	c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2013-01-05 14:46	3460896	----a-w-	c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2013-01-05 14:46	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2013-01-05 14:46	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2013-01-05 14:46	2953448	----a-w-	c:\windows\system32\nvcoproc.bin
2013-01-18 15:00 . 2013-01-05 14:46	2558240	----a-w-	c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2013-01-05 14:46	118560	----a-w-	c:\windows\system32\nvmctray.dll
2013-01-18 07:15 . 2013-01-18 07:15	550176	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-01-12 02:30 . 2013-01-15 13:46	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-11 10:13 . 2013-01-11 10:13	67072	------w-	c:\windows\SysWow64\ieframe.oca
2013-01-11 10:13 . 2013-01-11 10:13	241664	------w-	c:\windows\SysWow64\COMCTL32.oca
2013-01-11 10:13 . 2013-01-11 10:13	44032	------w-	c:\windows\SysWow64\TABCTL32.oca
2013-01-10 16:20 . 2013-01-10 16:20	253952	------w-	c:\windows\Setup1.exe
2013-01-10 16:20 . 2013-01-10 16:20	74752	----a-w-	c:\windows\ST6UNST.EXE
2013-01-10 14:57 . 2013-01-10 14:57	4608	------w-	c:\windows\SysWow64\w95inf32.dll
2013-01-10 14:57 . 2013-01-10 14:57	2272	------w-	c:\windows\SysWow64\w95inf16.dll
2013-01-06 15:36 . 2013-01-06 15:36	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-06 15:36 . 2013-01-06 15:36	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-05 16:56 . 2013-01-05 16:56	81952	----a-w-	c:\windows\system32\drivers\tifsfilt.sys
2013-01-05 16:56 . 2013-01-05 16:56	711712	----a-w-	c:\windows\system32\drivers\timntr.sys
2013-01-05 16:55 . 2013-01-05 16:55	235040	----a-w-	c:\windows\system32\drivers\snapman.sys
2013-01-05 16:55 . 2013-01-05 16:55	593952	----a-w-	c:\windows\system32\drivers\tdrpman.sys
2013-01-05 15:33 . 2013-01-05 15:33	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-01-05 15:33 . 2013-01-05 15:33	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-01-05 15:33 . 2013-01-05 15:33	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-01-05 15:33 . 2013-01-05 15:33	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-01-05 15:33 . 2013-01-05 15:33	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-01-05 15:33 . 2013-01-05 15:33	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-01-05 15:33 . 2013-01-05 15:33	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-01-05 15:33 . 2013-01-05 15:33	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-01-05 15:33 . 2013-01-05 15:33	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-01-05 15:33 . 2013-01-05 15:33	367104	----a-w-	c:\windows\SysWow64\html.iec
2013-01-05 15:33 . 2013-01-05 15:33	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-01-05 15:33 . 2013-01-05 15:33	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-01-05 15:33 . 2013-01-05 15:33	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-01-05 15:33 . 2013-01-05 15:33	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-01-05 15:33 . 2013-01-05 15:33	222208	----a-w-	c:\windows\system32\msls31.dll
2013-01-05 15:33 . 2013-01-05 15:33	2144768	----a-w-	c:\windows\system32\iertutil.dll
2013-01-05 15:33 . 2013-01-05 15:33	197120	----a-w-	c:\windows\system32\msrating.dll
2013-01-05 15:33 . 2013-01-05 15:33	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-01-05 15:33 . 2013-01-05 15:33	17811968	----a-w-	c:\windows\system32\mshtml.dll
2013-01-05 15:33 . 2013-01-05 15:33	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-01-05 15:33 . 2013-01-05 15:33	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2013-01-05 15:33 . 2013-01-05 15:33	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2013-01-05 15:33 . 2013-01-05 15:33	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-01-05 15:33 . 2013-01-05 15:33	149504	----a-w-	c:\windows\system32\occache.dll
2013-01-05 15:33 . 2013-01-05 15:33	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-01-05 15:33 . 2013-01-05 15:33	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-01-05 15:33 . 2013-01-05 15:33	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-01-05 15:33 . 2013-01-05 15:33	1346048	----a-w-	c:\windows\system32\urlmon.dll
2013-01-05 15:33 . 2013-01-05 15:33	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2013-01-05 15:33 . 2013-01-05 15:33	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2013-01-05 15:33 . 2013-01-05 15:33	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-01-05 15:33 . 2013-01-05 15:33	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2013-01-05 15:33 . 2013-01-05 15:33	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-01-05 15:33 . 2013-01-05 15:33	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-01-05 15:33 . 2013-01-05 15:33	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2013-01-05 15:33 . 2013-01-05 15:33	85504	----a-w-	c:\windows\system32\iesetup.dll
2013-01-05 15:33 . 2013-01-05 15:33	82432	----a-w-	c:\windows\system32\icardie.dll
2013-01-05 15:33 . 2013-01-05 15:33	816640	----a-w-	c:\windows\system32\jscript.dll
2013-01-05 15:33 . 2013-01-05 15:33	76800	----a-w-	c:\windows\system32\tdc.ocx
2013-01-05 15:33 . 2013-01-05 15:33	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-01-05 15:33 . 2013-01-05 15:33	65024	----a-w-	c:\windows\system32\pngfilt.dll
2013-01-05 15:33 . 2013-01-05 15:33	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-01-05 15:33 . 2013-01-05 15:33	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-01-05 15:33 . 2013-01-05 15:33	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2013-01-05 15:33 . 2013-01-05 15:33	49664	----a-w-	c:\windows\system32\imgutil.dll
2013-01-05 15:33 . 2013-01-05 15:33	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-01-05 15:33 . 2013-01-05 15:33	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2013-01-05 15:33 . 2013-01-05 15:33	448512	----a-w-	c:\windows\system32\html.iec
2013-01-05 15:33 . 2013-01-05 15:33	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2013-01-05 15:33 . 2013-01-05 15:33	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-01-05 15:33 . 2013-01-05 15:33	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-01-05 15:33 . 2013-01-05 15:33	30720	----a-w-	c:\windows\system32\licmgr10.dll
2013-01-05 15:33 . 2013-01-05 15:33	282112	----a-w-	c:\windows\system32\dxtrans.dll
2013-01-05 15:33 . 2013-01-05 15:33	267776	----a-w-	c:\windows\system32\ieaksie.dll
2013-01-05 15:33 . 2013-01-05 15:33	249344	----a-w-	c:\windows\system32\webcheck.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-17 2489456]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-11-10 1352480]
"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2009-11-10 906912]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 aswVmm;aswVmm; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-11-10 606048]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SAllBDA;TeVii DVB-S/S2 Receiver;c:\windows\system32\Drivers\TeViiS2.sys [2011-05-23 149128]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-26 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-01-09 16:00]
.
2013-03-22 c:\windows\Tasks\The_Body_Das_geheimnisvolle_Grab_ab_2013_03_26.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-22 c:\windows\Tasks\The_Body_Das_geheimnisvolle_Grab_ab_2013_03_26_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
AeLookupSvc
AppInfo
AppMgmt
AudioSrv
BITS
browser
CertPropSvc
EapHost
FastUserSwitchingCompatibility
gpsvc
helpsvc
hkmsvc
Ias
IKEEXT
iphlpsvc
Irmon
lanmanserver
LogonHours
MMCSS
msiscsi
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
PCAudit
ProfSvc
Rasauto
Rasman
Remoteaccess
schedule
SCPolicySvc
seclogon
SENS
SessionEnv
Sharedaccess
ShellHWDetection
SRService
Tapisrv
TermService
Themes
uploadmgr
wercplsupport
winmgmt
WmdmPmSp
Wmi
wuauserv
BDESVC
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: Free YouTube Download - c:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
FF - ProfilePath - c:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\crx2l4n9.default\
FF - prefs.js: browser.startup.homepage - hxxp://dignfight.de/index.php?co=login&msg=
FF - ExtSQL: 2013-02-12 15:06; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-FreeYTVDownloader - c:\program files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
Wow6432Node-HKCU-Run-Exetender_148 - c:\program files (x86)\FreeRide Games\GPlayer.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-InstallShield für Microsoft Visual C++ 6 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-26  19:14:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-26 18:14
.
Vor Suchlauf: 10 Verzeichnis(se), 218.779.451.392 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 218.618.314.752 Bytes frei
.
- - End Of File - - 4E2A7539DEA35173DF6B5B94C89E69E4

ryder · 26.03.2013, 19:35

Ah ... da gab es ein Problem

Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Neustart

Schritt 2:
Nochmal ein neues Combofix Logfile erstellen und posten.

seb-soft · 27.03.2013, 00:41

Hallo, auch noch online
Ja, das mache ich dann nochmal. Ich werde nochmal das aktuelle ComboFix downloaden
und starten. Soll ich avira erneut deaktivieren ?

Es wurde aber neu gestartet, nach ComboFix.

Gruss

Also dann nochmal.

Hier das File (nach einem Neustart)
Gruss - und gute Nacht - bis heute früh dann.
[CODE]
Combofix Logfile:

Code:

ATTFilter

ComboFix 13-03-26.01 - seb 27.03.2013   0:46.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.4095.3329 [GMT 1:00]
ausgeführt von:: c:\Users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-26 bis 2013-03-26  ))))))))))))))))))))))))))))))
.
.
2013-03-26 23:53 . 2013-03-26 23:53	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-26 23:53 . 2013-03-26 23:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-26 11:28 . 2013-03-26 11:28	--------	d-----w-	c:\Users\xxx\AppData\Roaming\Malwarebytes
2013-03-26 11:28 . 2013-03-26 11:28	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-26 11:28 . 2013-03-26 11:28	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-26 11:28 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-26 11:28 . 2013-03-26 11:28	--------	d-----w-	c:\Users\xxx\AppData\Local\Programs
2013-03-22 12:32 . 2013-03-06 23:33	178624	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-03-22 12:32 . 2013-03-06 23:33	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-03-13 11:28 . 2013-03-13 11:28	2832736	----a-w-	c:\windows\system32\AutoPartNt.exe
2013-03-09 08:50 . 2013-03-26 21:45	--------	d-----w-	c:\Users\xxx\AppData\Roaming\WinTVCap_GUI
2013-03-09 08:49 . 2013-03-09 08:49	--------	d-----w-	c:\Users\xxx\AppData\Local\ElevatedDiagnostics
2013-03-05 13:46 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-03-05 13:45 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-03-05 13:45 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-05 13:45 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2013-03-05 13:45 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-03-05 13:43 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-03-05 13:43 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-03-05 13:43 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-03-05 13:43 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-03-05 13:43 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-03-05 13:43 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-03-05 13:43 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-05 13:43 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-05 13:43 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 20:00 . 2013-02-11 22:27	21840	----atw-	c:\windows\SysWow64\SIntfNT.dll
2013-03-24 20:00 . 2013-02-11 22:27	17212	----atw-	c:\windows\SysWow64\SIntf32.dll
2013-03-24 20:00 . 2013-02-11 22:27	12067	----atw-	c:\windows\SysWow64\SIntf16.dll
2013-03-22 21:28 . 2013-01-10 12:19	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-22 21:28 . 2013-01-10 12:19	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33 . 2013-02-12 13:56	377920	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2013-02-12 13:56	70992	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-02-12 13:56	68920	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2013-02-12 13:56	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-02-12 13:56	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2013-02-12 13:56	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2013-02-12 13:54	41664	----a-w-	c:\windows\avastSS.scr
2013-03-06 23:32 . 2013-02-12 13:56	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-03-05 13:59 . 2013-01-05 15:40	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-25 23:32 . 2012-10-10 20:22	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 23:32 . 2012-10-10 20:22	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2012-10-10 20:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 23:32 . 2012-10-10 20:23	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-18 08:22 . 2013-02-18 08:22	31080	----a-w-	c:\windows\system32\nvhdap64.dll
2013-02-18 08:22 . 2013-02-18 08:22	1472360	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 08:22 . 2013-02-18 08:22	189288	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-02-11 22:14 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-02-11 22:14 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-01-18 15:00 . 2013-01-05 14:46	6390048	----a-w-	c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2013-01-05 14:46	3460896	----a-w-	c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2013-01-05 14:46	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2013-01-05 14:46	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2013-01-05 14:46	2953448	----a-w-	c:\windows\system32\nvcoproc.bin
2013-01-18 15:00 . 2013-01-05 14:46	2558240	----a-w-	c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2013-01-05 14:46	118560	----a-w-	c:\windows\system32\nvmctray.dll
2013-01-18 07:15 . 2013-01-18 07:15	550176	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-01-12 02:30 . 2013-01-15 13:46	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-11 10:13 . 2013-01-11 10:13	67072	------w-	c:\windows\SysWow64\ieframe.oca
2013-01-11 10:13 . 2013-01-11 10:13	241664	------w-	c:\windows\SysWow64\COMCTL32.oca
2013-01-11 10:13 . 2013-01-11 10:13	44032	------w-	c:\windows\SysWow64\TABCTL32.oca
2013-01-10 16:20 . 2013-01-10 16:20	253952	------w-	c:\windows\Setup1.exe
2013-01-10 16:20 . 2013-01-10 16:20	74752	----a-w-	c:\windows\ST6UNST.EXE
2013-01-10 14:57 . 2013-01-10 14:57	4608	------w-	c:\windows\SysWow64\w95inf32.dll
2013-01-10 14:57 . 2013-01-10 14:57	2272	------w-	c:\windows\SysWow64\w95inf16.dll
2013-01-06 15:36 . 2013-01-06 15:36	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-06 15:36 . 2013-01-06 15:36	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-05 16:56 . 2013-01-05 16:56	81952	----a-w-	c:\windows\system32\drivers\tifsfilt.sys
2013-01-05 16:56 . 2013-01-05 16:56	711712	----a-w-	c:\windows\system32\drivers\timntr.sys
2013-01-05 16:55 . 2013-01-05 16:55	235040	----a-w-	c:\windows\system32\drivers\snapman.sys
2013-01-05 16:55 . 2013-01-05 16:55	593952	----a-w-	c:\windows\system32\drivers\tdrpman.sys
2013-01-05 15:33 . 2013-01-05 15:33	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-01-05 15:33 . 2013-01-05 15:33	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-01-05 15:33 . 2013-01-05 15:33	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-01-05 15:33 . 2013-01-05 15:33	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-01-05 15:33 . 2013-01-05 15:33	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-01-05 15:33 . 2013-01-05 15:33	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-01-05 15:33 . 2013-01-05 15:33	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-01-05 15:33 . 2013-01-05 15:33	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-01-05 15:33 . 2013-01-05 15:33	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-01-05 15:33 . 2013-01-05 15:33	367104	----a-w-	c:\windows\SysWow64\html.iec
2013-01-05 15:33 . 2013-01-05 15:33	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-01-05 15:33 . 2013-01-05 15:33	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-01-05 15:33 . 2013-01-05 15:33	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-01-05 15:33 . 2013-01-05 15:33	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-01-05 15:33 . 2013-01-05 15:33	222208	----a-w-	c:\windows\system32\msls31.dll
2013-01-05 15:33 . 2013-01-05 15:33	2144768	----a-w-	c:\windows\system32\iertutil.dll
2013-01-05 15:33 . 2013-01-05 15:33	197120	----a-w-	c:\windows\system32\msrating.dll
2013-01-05 15:33 . 2013-01-05 15:33	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-01-05 15:33 . 2013-01-05 15:33	17811968	----a-w-	c:\windows\system32\mshtml.dll
2013-01-05 15:33 . 2013-01-05 15:33	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-01-05 15:33 . 2013-01-05 15:33	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2013-01-05 15:33 . 2013-01-05 15:33	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2013-01-05 15:33 . 2013-01-05 15:33	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-01-05 15:33 . 2013-01-05 15:33	149504	----a-w-	c:\windows\system32\occache.dll
2013-01-05 15:33 . 2013-01-05 15:33	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-01-05 15:33 . 2013-01-05 15:33	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-01-05 15:33 . 2013-01-05 15:33	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-01-05 15:33 . 2013-01-05 15:33	1346048	----a-w-	c:\windows\system32\urlmon.dll
2013-01-05 15:33 . 2013-01-05 15:33	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2013-01-05 15:33 . 2013-01-05 15:33	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2013-01-05 15:33 . 2013-01-05 15:33	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-01-05 15:33 . 2013-01-05 15:33	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2013-01-05 15:33 . 2013-01-05 15:33	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-01-05 15:33 . 2013-01-05 15:33	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-01-05 15:33 . 2013-01-05 15:33	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2013-01-05 15:33 . 2013-01-05 15:33	85504	----a-w-	c:\windows\system32\iesetup.dll
2013-01-05 15:33 . 2013-01-05 15:33	82432	----a-w-	c:\windows\system32\icardie.dll
2013-01-05 15:33 . 2013-01-05 15:33	816640	----a-w-	c:\windows\system32\jscript.dll
2013-01-05 15:33 . 2013-01-05 15:33	76800	----a-w-	c:\windows\system32\tdc.ocx
2013-01-05 15:33 . 2013-01-05 15:33	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-01-05 15:33 . 2013-01-05 15:33	65024	----a-w-	c:\windows\system32\pngfilt.dll
2013-01-05 15:33 . 2013-01-05 15:33	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-01-05 15:33 . 2013-01-05 15:33	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-01-05 15:33 . 2013-01-05 15:33	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2013-01-05 15:33 . 2013-01-05 15:33	49664	----a-w-	c:\windows\system32\imgutil.dll
2013-01-05 15:33 . 2013-01-05 15:33	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-01-05 15:33 . 2013-01-05 15:33	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2013-01-05 15:33 . 2013-01-05 15:33	448512	----a-w-	c:\windows\system32\html.iec
2013-01-05 15:33 . 2013-01-05 15:33	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2013-01-05 15:33 . 2013-01-05 15:33	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-01-05 15:33 . 2013-01-05 15:33	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-01-05 15:33 . 2013-01-05 15:33	30720	----a-w-	c:\windows\system32\licmgr10.dll
2013-01-05 15:33 . 2013-01-05 15:33	282112	----a-w-	c:\windows\system32\dxtrans.dll
2013-01-05 15:33 . 2013-01-05 15:33	267776	----a-w-	c:\windows\system32\ieaksie.dll
2013-01-05 15:33 . 2013-01-05 15:33	249344	----a-w-	c:\windows\system32\webcheck.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-17 2489456]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-11-10 1352480]
"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2009-11-10 906912]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 aswVmm;aswVmm; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-11-10 606048]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SAllBDA;TeVii DVB-S/S2 Receiver;c:\windows\system32\Drivers\TeViiS2.sys [2011-05-23 149128]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-26 c:\windows\Tasks\Airspeed_Rettung_in_letzter_Sekunde_ab_2013_03_27.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Dahoam_is_Dahoam_ab_2013_04_02.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Dahoam_is_Dahoam_ab_2013_04_02_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Das_Vermächtnis_des_Geheimen_Buches_ab_2013_03_29.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Das_Vermächtnis_des_Geheimen_Buches_ab_2013_03_29_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Der_gläserne_Pantoffel_ab_2013_03_30.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Der_gläserne_Pantoffel_ab_2013_03_30_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Der_Sternwanderer_ab_2013_04_01.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Der_Sternwanderer_ab_2013_04_01_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Des_Kaisers_neue_Kleider_ab_2013_04_01.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Des_Kaisers_neue_Kleider_ab_2013_04_01_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Die_Zehn_Gebote_ab_2013_03_30.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Die_Zehn_Gebote_ab_2013_03_30_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-22 c:\windows\Tasks\Ein_einziger_Augenblick_ab_2013_04_06.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-22 c:\windows\Tasks\Ein_einziger_Augenblick_ab_2013_04_06_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Ein_Kuckucksei_am_Zarenhof_ab_2013_03_31.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Ein_Kuckucksei_am_Zarenhof_ab_2013_03_31_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Fire_From_Below_Die_Flammen_werden_dich_finden_ab_2013_03_29.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Fire_From_Below_Die_Flammen_werden_dich_finden_ab_2013_03_29_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Gottes_mächtige_Dienerin_ab_2013_04_01.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Gottes_mächtige_Dienerin_ab_2013_04_01_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Kollisionskurs_Blackout_im_Cockpit_ab_2013_03_30.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Kollisionskurs_Blackout_im_Cockpit_ab_2013_03_30_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Les_Gammas_Les_Gammas_ab_2013_03_20.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Les_Gammas_Les_Gammas_ab_2013_03_20_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-23 c:\windows\Tasks\Les_Gammas_Les_Gammas_ab_2013_03_23.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-23 c:\windows\Tasks\Les_Gammas_Les_Gammas_ab_2013_03_23_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Rumpelstilzchen_ab_2013_03_29.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Rumpelstilzchen_ab_2013_03_29_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Schneeweißchen_und_Rosenrot_ab_2013_04_01.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Schneeweißchen_und_Rosenrot_ab_2013_04_01_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-01-09 16:00]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
AeLookupSvc
AppInfo
AppMgmt
AudioSrv
BITS
browser
CertPropSvc
EapHost
FastUserSwitchingCompatibility
gpsvc
helpsvc
hkmsvc
Ias
IKEEXT
iphlpsvc
Irmon
lanmanserver
LogonHours
MMCSS
msiscsi
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
PCAudit
ProfSvc
Rasauto
Rasman
Remoteaccess
schedule
SCPolicySvc
seclogon
SENS
SessionEnv
Sharedaccess
ShellHWDetection
SRService
Tapisrv
TermService
Themes
uploadmgr
wercplsupport
winmgmt
WmdmPmSp
Wmi
wuauserv
BDESVC
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: Free YouTube Download - c:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
FF - ProfilePath - c:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\crx2l4n9.default\
FF - prefs.js: browser.startup.homepage - hxxp://dignfight.de/index.php?co=login&msg=
FF - ExtSQL: 2013-02-12 15:06; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-InstallShield für Microsoft Visual C++ 6 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-27  00:56:40
ComboFix-quarantined-files.txt  2013-03-26 23:56
ComboFix2.txt  2013-03-26 18:14
.
Vor Suchlauf: 14 Verzeichnis(se), 217.938.923.520 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 217.647.132.672 Bytes frei
.
- - End Of File - - 369556DA4688EA4F099AD650B0F2F56C

--- --- ---

ryder · 27.03.2013, 09:26

Bevor es weiter geht:

Kannst du mir sagen wo diese geplanten Aufgaben herkommen und warum sie Filmnamen tragen?

Zitat:

2013-03-26 c:\windows\Tasks\Airspeed_Rettung_in_letzter_Sekunde_ab_2013_03_27.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Dahoam_is_Dahoam_ab_2013_04_02.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Dahoam_is_Dahoam_ab_2013_04_02_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Das_Vermächtnis_des_Geheimen_Buches_ab_2013_03_29.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-26 c:\windows\Tasks\Das_Vermächtnis_des_Geheimen_Buches_ab_2013_03_29_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Der_gläserne_Pantoffel_ab_2013_03_30.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Der_gläserne_Pantoffel_ab_2013_03_30_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-13 c:\windows\Tasks\Der_Sternwanderer_ab_2013_04_01.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]
.
2013-03-12 c:\windows\Tasks\Der_Sternwanderer_ab_2013_04_01_PreStarter.job
- c:\program files (x86)\Java\jre7\bin\javaw.exe [2013-01-06 02:26]

seb-soft · 27.03.2013, 10:27

Hallo, guten Morgen
Die kommen von der Elektronischen Fernsehzeitschrift TV-Browser. Das sind die Fernseh-
filme, die demnächst als Taskplaner automatisch aufgenommen werden sollen.

Das ist also alles ok

Gruss

ryder · 27.03.2013, 10:56

Okay, dann lassen wir die mal so wie sie sind.

Aber irgendwas stimmt da gar nicht ... vielleicht finden wir so etwas:

Scan mit Farbar's Service Scanner

Downloade dir bitte Farbar's Service Scanner
Starte das Tool mit Doppelklick auf die FSS.exe

Gehe sicher, dass folgende Optionen angehakt sind.
Internet Services

Windows Firewall

System Restore

Security Center/Action Center

Windows Update

Windows Defender

Other Services

Klicke auf Scan.

Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

seb-soft · 27.03.2013, 11:09

Soll ich Avira Virenscanner wieder deaktivieren ?

ryder · 27.03.2013, 11:11

Nö kann laufen.

seb-soft · 27.03.2013, 11:14

Hier der Scan

Code:

ATTFilter

Farbar Service Scanner Version: 03-03-2013
Ran by xxx (administrator) on 27-03-2013 at 11:12:22
Running from "C:\Users\xxx\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Ich Gratuliere Dir mal zu einem erfolgreichen Jahr in diesem Forum nachträglich. Gestern am 26.03.2012 bist Du hier eingestiegen

ryder · 27.03.2013, 11:38

Hehe vielen Dank. Da hab ich als absolut Unwissender angefangen

Nein also da sieht man auch nix .... ich krieg hier die Kiese.

Scan mit MBAR
Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

seb-soft · 27.03.2013, 13:15

So, das ist soweit durchgelaufen.

Scan Finished: No malware found!

Dann brauche ich wohl nicht neu starten oder ?

Hier das Logfile:

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 3.415000 GHz
Memory total: 4293976064, free: 3094810624

------------ Kernel report ------------
     03/27/2013 13:03:22
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpman.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\System32\Drivers\TeViiS2.sys
\SystemRoot\System32\Drivers\ks.sys
\SystemRoot\System32\Drivers\BdaSup.SYS
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\MarvinBus64.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\urlmon.dll
\Windows\System32\ole32.dll
\Windows\System32\imm32.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\nsi.dll
\Windows\System32\normaliz.dll
\Windows\System32\oleaut32.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004622060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-4\
Lower Device Object: 0xfffffa80040df060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800461f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa80040d7060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.03.27.05
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800461f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800461f980, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa800461fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800461f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80040be670, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80040d7060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0xfffff8a001ccb0b0, 0xfffffa800461f060, 0xfffffa8003ed2790
Lower DeviceData: 0xfffff8a0048afe50, 0xfffffa80040d7060, 0xfffffa8003bcfe40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5F0FC9BA

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 419856384

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 419858460  Numsec = 491669640
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with CSH (0x5)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 911536128  Numsec = 511997952

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1423535715  Numsec = 1506736350

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-2930257168-2930277168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8004622060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004621670, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xfffffa8004622ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004622060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80040bb670, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80040df060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0xfffff8a00b36c190, 0xfffffa8004622060, 0xfffffa8003efb640
Lower DeviceData: 0xfffff8a00aea1b10, 0xfffffa80040df060, 0xfffffa800390e980
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B2025BBE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 204796557
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204802048  Numsec = 1748717568

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

26.03.2013, 19:35	#6
ryder /// TB-Ausbilder	PUP.InstallBrain gefunden Ah ... da gab es ein Problem Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!) Neustart Schritt 2: Nochmal ein neues Combofix Logfile erstellen und posten. __________________ --> PUP.InstallBrain gefunden

27.03.2013, 11:11	#12
ryder /// TB-Ausbilder	PUP.InstallBrain gefunden Nö kann laufen. __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

PUP.InstallBrain gefunden

Plagegeister aller Art und deren Bekämpfung: PUP.InstallBrain gefunden