TR/Mediyes.gen entdeckt D:

Basti133 · 14.04.2013, 07:34

Hey, ich habe vor ein paar Tagen mit Avira den Trojaner Mediyes.gen entdeckt. Ich habe mich nun in dem Avira Support Forum angemeldet und mein Problem geschildert und es wurde gesagt, dass ich das Betriebssystem neu aufsetzen soll. Jetzt wollte ich das machen, aber mir ist aufgefallen, dass ich nur ein Windows 7 Upgrade Kit habe (Vista zu Win 7) und jetzt nicht weiß, was ich machen soll, da Vista schon von Anfang an auf dem Laptop war und ich kein Vista auf einer Disk habe. Mein Avira will aus irgendeinem Grund nie die Systemüberprüfung beenden und stoppt nach ca 60%, aber das konnte ich entnehmen:

C:\Windows\System32\UpdSvc.dll
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\NTDETECT.COM
[WARNUNG] Die Datei konnte nicht geöffnet werden!

C:\Windows\system32\incvkgce5.tsp
[WARNUNG] Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003
C:\Windows\system32\incvkgce5.tsp
[WARNUNG] Die Datei konnte nicht gelöscht werden!
C:\Windows\system32\incvkgce5.tsp
[WARNUNG] Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche Ursache: Zugriff verweigert

aharonov · 14.04.2013, 14:07

Hi,

ich schlage vor, wir sehen uns die Lage zuerst einmal an, ok?

Schritt 1

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button.
Bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 2

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.

Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
Schliesse bitte alle anderen Programme.
Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Sollte sich ein Fenster mit folgender Warnung öffnen
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
dann klicke unbedingt auf No.
Entferne rechts den Haken bei:
- IAT/EAT
- Show all
Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
Starte den Scan mit einem Klick auf Scan.
Mache gar nichts am Computer, während der Scan läuft!
Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
Füge bitte den Inhalt des Logfiles hier in deine Thread ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.

Schritt 3

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /580
C:\Windows\SysNative\*.dll /580
C:\Windows\SysWOW64\*.dll /580

Schliesse bitte nun alle anderen Programme.
Klicke nun auf den Quick Scan Button.
Kopiere danach den Inhalt von OTL.txt und Extras.txt hier in deinen Thread.

Bitte poste in deiner nächsten Antwort:

Log von Gmer
Logs von OTL

Basti133 · 14.04.2013, 21:45

Bei mir geht GMER nicht richtig und wenn ich einen Haken anklicken will kommt "(Keine Rückmeldung)"

aharonov · 14.04.2013, 21:48

Ok, dann überspring diesen Schritt und mach mit OTL (Schritt 3) weiter.

Basti133 · 14.04.2013, 21:55

Aww.. hab ein weiteres Problem... Hab vor einer Weile mal an der Registry rumgespielt, weil ich immer ein Problem mit den Temporären Profilen hatte und jedes mal alle Daten wegwaren. Jetzt kann ich OTL nicht ausführen, weil es nicht von einem Temporärem Profil aus geht.

aharonov · 14.04.2013, 21:57

Was für temporäre Profile?
Hast du OTL heruntergeladen und auf den Desktop gespeichert? (Wenn du den Link direkt öffnest und es so starten willst, geht es nicht..)

Basti133 · 14.04.2013, 22:00

Naja, ich hatte immer das Problem, dass beim Hochfahren "Desktop wird vorbereitet" kam und da hab ich es so umgestellt, dass mein Temporäres Profil nichtmehr verschwindet.
Ich schreib mal das aus dem Fenster hin (hab es schon runtergeladen):

OTL

OTL kann nicht von einem temporären Ordner ausgeführt werden!

Bitte lade OTL auf Deinen Desktop oder einen vergleichbaren Ort.

Ok

Habs jetzt unter Benutzer in den richtigen Ordner geschoben und es lädt jetzt^^

aharonov · 14.04.2013, 22:17

Kannst du denn ein neues Profil erstellen und den Scan von dort starten?

Basti133 · 14.04.2013, 22:22

Habs über Benutzer in den richtigen Desktop-Ordner verschoben und von dortaus gestartet

aharonov · 14.04.2013, 22:24

Also läuft der Scan jetzt?

Basti133 · 14.04.2013, 22:27

Ja, aber kann sein, dass es dauern kann^^ Hab mit Avira mal 7h gebraucht und dann hat es nach 50% abgebrochen

aharonov · 14.04.2013, 22:36

Ok

Basti133 · 14.04.2013, 22:42

Was steht da eigentlich alles so in diesem Text, der am Ende übrig bleiben soll?

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.04.2013 23:12:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\basti\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 68,01% Memory free
5,86 Gb Paging File | 4,93 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 160,46 Gb Free Space | 68,90% Space Free | Partition Type: NTFS
Drive D: | 3,89 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.14 22:51:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\basti\Desktop\OTL.exe
PRC - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
PRC - [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013.03.19 08:12:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.08 15:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2013.01.31 14:28:02 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.02 17:43:43 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2011.07.12 18:15:50 | 000,018,432 | ---- | M] () -- C:\Users\basti\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
MOD - [2013.04.07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll
MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013.01.31 14:28:02 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.02 17:43:43 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 15:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.13 17:05:42 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011.07.12 18:15:50 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\basti\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe -- (QuickTimeUpdater)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\TEMP~1.BAS\AppData\Local\Temp\pgloqpow.sys -- (pgloqpow)
DRV - [2013.03.06 15:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.09.15 20:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {4A3A4FD8-1238-4A19-953B-F94DAF10AC2C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{19E00F4B-397F-4838-801C-9B41DFC0A1BF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=C8E2D1D5-2186-4C63-8E4B-2FF8DDAA8527&apn_sauid=45262E01-5B74-4983-A873-3D91D3E2A611
IE - HKCU\..\SearchScopes\{4A3A4FD8-1238-4A19-953B-F94DAF10AC2C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={B57D00EE-BB68-41C5-A2C4-21CB1910FC7E}&mid=da909adee2d847d09a2dd156504b4cfa-73d5bdad06080c33dc86219763c9fb2598eb7ee0&lang=de&ds=cv011&pr=sa&d=2012-06-02 17:43:46&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.01 14:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.01 14:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 22:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 22:58:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.02.20 22:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.02.20 22:57:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.20 22:57:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.20 22:58:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.19 17:20:21 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.10.26 19:37:32 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\***.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\***.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (QuickTime) - {D4704207-C86B-4811-951E-6F322F9CEDE7} - C:\Users\basti\AppData\LocalLow\QuickTime\IE\QuickTime.dll (Apple Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\tnnsy1mm5.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B770C5F-78E6-4B0A-B402-EBB5CF7D8607}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1C5E18-1D41-4DE6-B6F8-CAA139A486BF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.01.17 06:34:30 | 000,196,608 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.06.24 08:18:43 | 000,000,092 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{198f5746-af66-11e0-8308-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{198f5746-af66-11e0-8308-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LaunchEAW.exe
O33 - MountPoints2\{c3213b4e-b47f-11e0-b7e7-0022fb5dbb92}\Shell - "" = AutoRun
O33 - MountPoints2\{c3213b4e-b47f-11e0-b7e7-0022fb5dbb92}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.14 22:51:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TEMP.basti-PC\Desktop\OTL.exe
[2013.04.14 08:07:14 | 000,000,000 | --SD | C] -- C:\Users\TEMP.basti-PC\Documents\Eigene Webs
[2013.04.12 23:24:15 | 000,000,000 | ---D | C] -- C:\avrescue
[2013.04.12 16:55:33 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Roaming\DVDVideoSoft
[2013.04.12 03:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013.04.11 17:34:16 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Roaming\Avira
[2013.04.11 17:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.11 17:31:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.04.11 17:31:39 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.11 17:31:39 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.11 17:31:39 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.11 17:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.04.10 14:52:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013.04.05 18:49:00 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Roaming\Notepad++
[2013.04.05 13:19:33 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Roaming\***
[2013.04.04 22:54:57 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\Desktop\***
[2013.04.03 13:59:54 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\Desktop\***
[2013.04.02 18:04:49 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\Documents\Euro Truck Simulator 2
[2013.04.02 18:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
[2013.04.02 18:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Euro Truck Simulator 2
[2013.03.17 13:15:42 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Local\Diagnostics
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.14 22:51:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TEMP.basti-PC\Desktop\OTL.exe
[2013.04.14 22:35:31 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4048311226-3306963738-2257165645-1000UA.job
[2013.04.14 22:30:45 | 000,377,856 | ---- | M] () -- C:\Users\TEMP.basti-PC\Desktop\jl52qj7e.exe
[2013.04.14 22:27:03 | 000,050,477 | ---- | M] () -- C:\Users\TEMP.basti-PC\Desktop\Defogger.exe
[2013.04.14 22:07:40 | 000,000,000 | ---- | M] () -- C:\Users\TEMP.basti-PC\defogger_reenable
[2013.04.14 20:35:11 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4048311226-3306963738-2257165645-1000Core.job
[2013.04.14 06:44:07 | 000,959,818 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.14 06:44:07 | 000,713,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.14 06:44:07 | 000,229,934 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.14 06:44:07 | 000,195,812 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.14 06:43:21 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.14 06:43:21 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.14 06:32:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.14 06:31:45 | 2360,782,848 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 13:41:17 | 000,289,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.11 17:31:57 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013.04.07 10:52:34 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013.03.22 08:38:33 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.21 15:05:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.14 22:30:40 | 000,377,856 | ---- | C] () -- C:\Users\TEMP.basti-PC\Desktop\jl52qj7e.exe
[2013.04.14 22:27:00 | 000,050,477 | ---- | C] () -- C:\Users\TEMP.basti-PC\Desktop\Defogger.exe
[2013.04.14 22:07:40 | 000,000,000 | ---- | C] () -- C:\Users\TEMP.basti-PC\defogger_reenable
[2013.04.11 17:31:57 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.28 18:19:54 | 001,156,400 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013.02.28 18:19:53 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2011.12.13 16:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.11.25 15:56:06 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2011.07.22 11:29:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.14 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\TEMP.basti-PC\AppData\Roaming\***
[2013.04.12 16:55:33 | 000,000,000 | ---D | M] -- C:\Users\TEMP.basti-PC\AppData\Roaming\***
[2013.04.06 16:50:12 | 000,000,000 | ---D | M] -- C:\Users\TEMP.basti-PC\AppData\Roaming\***
[2013.04.05 18:49:04 | 000,000,000 | ---D | M] -- C:\Users\TEMP.basti-PC\AppData\Roaming\***
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 7
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 5
"ProviderID4" = 6
"ProviderFilename4" = incvkgce5.tsp -- [2012.01.11 16:03:39 | 000,888,832 | ---- | M] (Intra Net Communications)
 
< HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09  [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes]
"LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes]
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSFont [Binary data over 200 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"sdrsvc" = sdrsvc [binary data] -- [2010.11.20 14:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = AxInstSV [binary data] -- [2010.11.20 14:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient]
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2012.01.11 16:03:39 | 000,888,832 | ---- | M] (Intra Net Communications) -- C:\Windows\system32\incvkgce5.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< %SystemRoot%\system32\*.tsp /64 >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2012.01.11 16:03:39 | 000,888,832 | ---- | M] (Intra Net Communications) -- C:\Windows\system32\incvkgce5.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /580 >
[2013.02.15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll
[2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.04 18:40:37 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.04 18:40:38 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.04 16:41:50 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.04 16:41:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.10.04 16:41:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.04 16:41:50 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.07.04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2012.04.24 06:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.04.24 06:36:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll
[2012.08.02 18:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll
[2012.08.30 15:46:44 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\system32\frapsvid.dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2013.02.22 05:47:17 | 009,738,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.02.22 05:32:05 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2013.02.22 05:28:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2013.04.07 10:52:34 | 000,027,136 | ---- | M] () -- C:\Windows\system32\ImHttpComm.dll
[2013.02.22 05:34:18 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.02.22 05:46:00 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.02.22 05:35:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.10.04 18:43:05 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.10.04 18:43:05 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2011.11.25 15:59:41 | 000,047,104 | ---- | M] () -- C:\Windows\system32\KMVIDC32.DLL
[2012.05.14 06:33:42 | 000,769,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll
[2011.11.17 07:32:51 | 001,038,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll
[2011.12.12 20:18:07 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msclmd.dll
[2013.02.22 05:33:11 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2013.02.22 06:05:50 | 012,324,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.02.22 05:31:55 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2013.02.15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2013.02.05 09:25:04 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcm80.dll
[2013.02.05 09:25:02 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp100.dll
[2013.02.05 09:25:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp80.dll
[2013.02.05 09:25:02 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100.dll
[2013.02.05 09:25:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr80.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npdeployJava1.dll
[2011.11.17 07:38:39 | 001,288,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2012.05.01 06:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\profsvc.dll
[2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.04.26 06:45:54 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorekmts.dll
[2012.04.26 06:45:55 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpwsx.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2011.11.17 07:34:52 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.05.05 09:46:52 | 000,400,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srcore.dll
[2011.11.17 07:34:55 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2011.11.17 07:34:55 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll
[2013.02.15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2011.12.13 17:05:42 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll
[2013.02.22 05:36:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.02.22 05:38:39 | 001,104,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2013.02.22 05:34:03 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.07.26 04:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll
[2012.11.09 06:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.02.22 05:38:00 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.01.04 06:50:52 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2012.03.01 07:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.12.10 12:05:03 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048311226-3306963738-2257165645-1000Core.job
[2011.12.10 12:05:04 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048311226-3306963738-2257165645-1000UA.job
[2012.09.27 20:05:01 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.27 20:05:05 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.01.23 17:09:22 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
 
< C:\Windows\SysNative\*.dll /580 >
 
< C:\Windows\SysWOW64\*.dll /580 >

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.04.2013 23:12:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\basti\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 68,01% Memory free
5,86 Gb Paging File | 4,93 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 160,46 Gb Free Space | 68,90% Space Free | Partition Type: NTFS
Drive D: | 3,89 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{151099B6-EEDD-4176-AB87-FE988C2E683A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{273E5ED7-C46A-4461-8236-A5A808445F3C}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{40E624B0-0FB3-407D-965F-65800AB21389}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{53048C74-5673-4C3C-A1AB-65C8FE13F5CC}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{69E11958-F5AD-46EF-9341-EB5A64BB93EA}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{71F0090D-B00B-47E2-9939-9CAC315F51FC}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{94514297-89AA-46B1-9F66-5D3B2AB11176}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D31F9EC0-4451-4B41-A0F1-8F1DDDB6809A}" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\javaw.exe | 
"{D4EAA435-08DE-4FDA-9F23-F91C0FB298AD}" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\javaw.exe | 
"{D693D1F6-C449-44FF-9146-2F56199EE464}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{E6F71F56-08F4-48DD-ACE3-B32F0CA3F985}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{E810BA3E-11CC-4396-8C9C-C016975A49B1}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"TCP Query User{1C49C162-5A87-4A87-B382-0EFC557F2229}C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe | 
"TCP Query User{22545289-B88E-49F0-9321-01C3C3E9C0F8}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{5596DF15-A6C0-4510-8078-30915E651916}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{94E157C2-97C2-4470-A332-519C5214FD1A}C:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"TCP Query User{94F159F2-58FC-4362-B36B-A46A8C8AE547}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{97F85422-1A9A-4605-8FF3-68047DAA1E51}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{ABE85779-1803-44A7-BF1B-189D11EEEC56}C:\program files\ea games\need for speed underground 2\speed2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed underground 2\speed2.exe | 
"TCP Query User{AFA49367-6EB1-4959-8AC4-1948E005411F}C:\program files\java\jdk1.7.0_07\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\javaw.exe | 
"TCP Query User{C75B9CF5-2457-41B4-9279-0AC4A472BE8A}C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe | 
"UDP Query User{011C3335-997F-43D8-9D58-754CC0E1CFB6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{1C2A6DC4-0F2D-4051-9726-06202D13E103}C:\program files\java\jdk1.7.0_07\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_07\jre\bin\javaw.exe | 
"UDP Query User{5AE02417-074B-4C56-B2A8-E42287D4BAC5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{8393631B-8E1D-4F81-A7C2-5FADA30C4417}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9E65DC31-BD6F-4229-8250-BBA3A5AEBDA0}C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe | 
"UDP Query User{CC274344-038C-4D3F-9E83-E05767F5643C}C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe | 
"UDP Query User{D5EFBC26-2D7D-4DEB-BCC8-378C038E4BEA}C:\program files\ea games\need for speed underground 2\speed2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed underground 2\speed2.exe | 
"UDP Query User{DEAE3EB2-869F-4AA4-B88F-A5F92014CCBD}C:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"UDP Query User{ECE42CE8-78FF-4998-B392-C4693E3487C2}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.570
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = ***
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{DD2959A4-EC89-462A-BCF7-5ED56CED8C22}" = Roller Coaster Mania
"{DE790600-2AEB-456D-836A-6654DB2577CD}" = Böse Nachbarn Compilation
"{E3F04224-BA9A-4068-8A51-83267B4E7496}" = ***
"{EB387132-2EE8-4023-B365-2853A2CBBB36}" = Turbo GT
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Governor of Poker" = Governor of Poker
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{EB387132-2EE8-4023-B365-2853A2CBBB36}" = Turbo GT
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"***" = ***
"Notepad++" = Notepad++
"Pinball" = 3D Pinball from Plus! for Windows 95
"***" = ***
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WNLT" = IB Updater Service
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
Error encountered while reading event logs.
 
< End of report >

--- --- ---

aharonov · 15.04.2013, 15:19

Hey,

mal schauen, ob sich das Ding vollständig ausgraben lässt.

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.

Code:

ATTFilter

:OTL
[2012.01.11 16:03:39 | 000,888,832 | ---- | M] (Intra Net Communications) -- C:\Windows\system32\incvkgce5.tsp
SRV - [2011.12.13 17:05:42 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
IE - HKCU\..\SearchScopes\{19E00F4B-397F-4838-801C-9B41DFC0A1BF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=C8E2D1D5-2186-4C63-8E4B-2FF8DDAA8527&apn_sauid=45262E01-5B74-4983-A873-3D91D3E2A611

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com]

[HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers]
"ProviderFilename4"=-
"ProviderID4"=-
"NumProviders"=dword:00000004
"NextProviderID"=dword:00000005

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation]
"DisplayName"="@%systemroot%\\system32\\wkssvc.dll,-100"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
  00,69,00,63,00,65,00,00,00
"Description"="@%systemroot%\\system32\\wkssvc.dll,-101"
"ObjectName"="NT AUTHORITY\\NetworkService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):42,00,6f,00,77,00,73,00,65,00,72,00,00,00,4d,00,52,00,\
  78,00,53,00,6d,00,62,00,31,00,30,00,00,00,4d,00,52,00,78,00,53,00,6d,00,62,\
  00,32,00,30,00,00,00,4e,00,53,00,49,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
  00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,\
  00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,\
  00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,\
  38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,\
  00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,\
  44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,\
  00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,\
  70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,\
  00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,\
  30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,\
  00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
  53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,\
  00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,\
  2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,\
  00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,\
  5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,\
  00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,\
  43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,\
  00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,\
  42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
  00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,\
  30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,\
  00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,\
  45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,\
  00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,\
  5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,\
  00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,\
  2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,\
  00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,\
  70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,\
  00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,\
  38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,\
  00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
  65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,\
  00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,\
  43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,\
  00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,\
  65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,\
  00,53,00,6d,00,62,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
  4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,\
  00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,\
  33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,\
  00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,\
  00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,\
  00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,\
  30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,\
  00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,\
  31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,\
  00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,\
  54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,\
  00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,\
  33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,\
  00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,\
  69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,\
  00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,\
  32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,\
  00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,\
  36,00,37,00,34,00,46,00,7d,00,00,00,00,00
"Route"=hex(7):22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,\
  00,70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,\
  32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,\
  00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,\
  36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,53,00,6d,00,62,00,22,00,20,\
  00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,37,00,\
  46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,\
  00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,\
  41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,22,00,00,\
  00,22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,\
  36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,\
  00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,\
  33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,\
  00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,53,00,6d,00,62,00,22,00,20,00,\
  22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,38,00,32,\
  00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,\
  34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,\
  00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,\
  22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,\
  00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,\
  43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,\
  00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,\
  54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,37,00,46,00,30,\
  00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,\
  42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,\
  00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,22,00,00,00,22,00,\
  54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,\
  00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,\
  35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,\
  00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,\
  54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,\
  00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,\
  43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,\
  00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,\
  4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,53,00,6d,00,62,00,22,00,00,00,22,\
  00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,\
  70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,\
  00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,\
  42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,\
  00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,\
  22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,\
  00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,\
  32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,\
  00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,\
  22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,\
  00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,00,45,00,\
  41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,\
  00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,\
  36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,4e,00,65,\
  00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,\
  22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,\
  00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,\
  41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,\
  00,34,00,46,00,7d,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,\
  00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,\
  6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,\
  00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,\
  45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,\
  00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,\
  7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,\
  00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,\
  6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,\
  00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,\
  33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,\
  00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,\
  33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,\
  00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
  69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,\
  00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,\
  45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,\
  00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,\
  39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,\
  00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,\
  74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,\
  00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,\
  2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,\
  00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,\
  37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,\
  00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,\
  61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,\
  00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,\
  33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,\
  00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,\
  00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,\
  00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,\
  6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,\
  00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,\
  42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,\
  00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,\
  65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,\
  00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,\
  63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,\
  00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,\
  2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,\
  00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
  63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,\
  00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,\
  70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,\
  00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,\
  41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,\
  00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
  4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,\
  00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,\
  53,00,6d,00,62,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,\
  00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,\
  74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,\
  00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,\
  32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,\
  00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,\
  36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,\
  00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,\
  74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,\
  00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,\
  35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,\
  00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,\
  41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,\
  00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,\
  72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,\
  00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,\
  35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,\
  00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,\
  37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,\
  00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,\
  6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,\
  00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,\
  5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,\
  00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,\
  2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,\
  00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider]
"DeviceName"="\\Device\\LanmanRedirector"
"Name"="Microsoft Windows Network"
"DisplayName"=hex(2):40,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
  00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
  00,31,00,30,00,32,00,00,00
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  6e,00,74,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"EnablePlainTextPassword"=dword:00000000
"EnableSecuritySignature"=dword:00000001
"RequireSecuritySignature"=dword:00000000
"OtherDomains"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceDllUnloadOnStop"=dword:00000001
"extension"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
  00,6e,00,73,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle"=dword:00000000

:commands
[emptytemp]

Schliesse nun bitte alle anderen Programme.
Klicke jetzt auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
(Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
Kopiere nun dessen Inhalt hier in deinen Thread.

Schritt 2

Bitte downloade dir LSPFix und speichere es auf den Desktop.

Starte die LSPFix.exe.
Windows Vista und 7 User mit Rechtsklick -> als Administrator ausführen.
Setze den Haken bei I know what I'm doing.
In der Keep Box solltest du die Datei tnnsy1mm5.dll aufgeführt finden.
Markiere diese tnnsy1mm5.dll und verschiebe sie in die Remove Box, indem du den Button >> drückst.
Klicke danach auf Finish >>.

Schritt 3

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
C:\Windows\system32\*.dll /580
C:\Windows\system32\*.sys /580

Schliesse bitte alle anderen Programme.
Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von OTL

Basti133 · 15.04.2013, 16:56

Bitte nicht erschrecken (die vielen Benutzer)

All processes killed
========== OTL ==========
C:\Windows\System32\incvkgce5.tsp moved successfully.
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
C:\Windows\System32\UpdSvc.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19E00F4B-397F-4838-801C-9B41DFC0A1BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19E00F4B-397F-4838-801C-9B41DFC0A1BF}\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\ProviderFilename4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\ProviderID4 deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\"NumProviders"|dword:00000004 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers\\"NextProviderID"|dword:00000005 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"DisplayName"|"@%systemroot%\\system32\\wkssvc.dll,-100" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Group"|"NetworkProvider" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00 ,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00 ,6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Description"|"@%systemroot%\\system32\\wkssvc.dll,-101" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ObjectName"|"NT AUTHORITY\\NetworkService" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"DependOnService"|hex(7):42,00,6f,00,77,00,73,00,65,00,72,00,00,00,4d,00,52,00 ,78,00,53,00,6d,00,62,00,31,00,30,00,00,00,4d,00,52,00,78,00,53,00,6d,00,62,00,32,00,30,00,00,00,4e,00,53,00,49,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"RequiredPrivileges"|hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e ,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e ,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69 ,00,6c,00,65,00,67,00,65,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00, 00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage\\"Bind"|hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d ,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43 ,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65 ,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35 ,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41 ,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b ,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34 ,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f ,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37 ,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76 ,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d ,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c ,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30 ,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44 ,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44 ,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37 ,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32 ,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44 ,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,62,00,69,00,6f ,00,73,00,53,00,6d,00,62,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f ,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d ,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74 ,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d ,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c ,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45 ,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42 ,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63 ,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d ,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage\\"Route"|hex(7):22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,7 0,00,69,00,70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2 d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,53,00,6d,00,62,00,2 2,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,3 2,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,2 2,00,00,00,22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,3 3,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,4 2,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,3 8,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,4 4,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,38,00,3 2,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,4 4,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,37,00,4 6,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,4 1,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,3 5,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,3 7,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,38,00,3 2,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,4 4,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,53,00,6d,00,62,00,22,00,0 0,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,4 5,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,4 2,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,2 2,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2 d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,5 4,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,3 5,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,4 e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,3 2,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,3 6,00,37,00,34,00,46,00,7d,00,22,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage\\"Export"|hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00, 61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00, 70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00, 37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00, 61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00, 70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00, 30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00, 4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00, 69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00, 33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00, 5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00, 70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00, 41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00, 65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00, 5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00, 2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00, 6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00, 46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00, 41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00, 6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00, 41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00, 36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00, 72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00, 32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00, 36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00, 74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,53,00,6d,00,62,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00, 5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00, 54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00, 2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00, 63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00, 54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00, 42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00, 65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00, 65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00, 31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00, 00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00, 6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00, 39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00, 34,00,46,00,7d,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"DeviceName"|"\\Device\\LanmanRedirector" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"Name"|"Microsoft Windows Network" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"DisplayName"|hex(2):40,00,25,00,73,00,79,00,73,00,74,00,65,00 ,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00 ,6c,00,2c,00,2d,00,31,00,30,00,32,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"ProviderPath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,0 0,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,2e,00,64,0 0,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00 ,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"EnablePlainTextPassword"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"EnableSecuritySignature"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"RequireSecuritySignature"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"OtherDomains"|hex(7):00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f ,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00 ,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"extension"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f, 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,6e,00,73,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache\\"ShutdownOnIdle"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: basti
->Temp folder emptied: 1495819193 bytes
->Temporary Internet Files folder emptied: 162945154 bytes
->Java cache emptied: 9234378 bytes
->FireFox cache emptied: 1145542552 bytes
->Google Chrome cache emptied: 14899047 bytes
->Flash cache emptied: 25414 bytes

User: basti.basti-PC
->Temp folder emptied: 25398909 bytes
->Temporary Internet Files folder emptied: 4325199 bytes
->FireFox cache emptied: 407443539 bytes
->Flash cache emptied: 4110 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400707 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 50774 bytes
->Temporary Internet Files folder emptied: 44731 bytes

User: Gast.basti-PC
->Temp folder emptied: 50774 bytes
->Temporary Internet Files folder emptied: 400707 bytes

User: Public

User: TEMP
->Temp folder emptied: 30752828 bytes
->Temporary Internet Files folder emptied: 186608798 bytes
->FireFox cache emptied: 389118810 bytes
->Flash cache emptied: 6398 bytes

User: TEMP.basti

User: TEMP.basti-PC
->Temp folder emptied: 54600381 bytes
->Temporary Internet Files folder emptied: 11595868 bytes
->Java cache emptied: 220997 bytes
->FireFox cache emptied: 396474991 bytes
->Flash cache emptied: 2028 bytes

User: TEMP.basti-PC.000

User: TEMP.basti-PC.001
->Temp folder emptied: 60437 bytes
->Temporary Internet Files folder emptied: 400707 bytes
->FireFox cache emptied: 4622568 bytes
->Flash cache emptied: 602 bytes

User: TEMP.basti-PC.002
->Temp folder emptied: 51747 bytes
->Temporary Internet Files folder emptied: 400707 bytes
->FireFox cache emptied: 5188973 bytes
->Flash cache emptied: 492 bytes

User: TEMP.basti-PC.003

User: TEMP.basti-PC.004

User: TEMP.basti-PC.005

User: TEMP.basti-PC.006

User: TEMP.basti-PC.007
->Temp folder emptied: 50774 bytes
->Temporary Internet Files folder emptied: 400707 bytes

User: TEMP.basti-PC.008
->Temp folder emptied: 50774 bytes
->Temporary Internet Files folder emptied: 400707 bytes

User: TEMP.basti-PC.009
->Temp folder emptied: 50384 bytes
->Temporary Internet Files folder emptied: 400707 bytes

User: TEMP.basti-PC.010
->Temp folder emptied: 50384 bytes
->Temporary Internet Files folder emptied: 44731 bytes

User: TEMP.basti-PC.011
->Temp folder emptied: 50384 bytes
->Temporary Internet Files folder emptied: 400707 bytes

User: TEMP.basti-PC.012
->Temporary Internet Files folder emptied: 355976 bytes

User: TEMP.basti-PC.013
->Temp folder emptied: 52418 bytes
->Temporary Internet Files folder emptied: 400707 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22527309 bytes
->Flash cache emptied: 705 bytes

User: TEMP.basti-PC.014
->Temporary Internet Files folder emptied: 355976 bytes

User: TEMP.basti-PC.015
->Temp folder emptied: 50384 bytes
->Temporary Internet Files folder emptied: 400707 bytes

User: TEMP.basti-PC.016
->Temp folder emptied: 60046 bytes
->Temporary Internet Files folder emptied: 441430 bytes
->FireFox cache emptied: 32262302 bytes
->Flash cache emptied: 926 bytes

User: TEMP.basti-PC.017
->Temp folder emptied: 126371 bytes
->Temporary Internet Files folder emptied: 400707 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140522702 bytes
RecycleBin emptied: 844 bytes

Total Files Cleaned = 4.336,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04152013_170634

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.04.2013 17:35:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\basti\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 76,72% Memory free
5,86 Gb Paging File | 5,18 Gb Available in Paging File | 88,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 164,74 Gb Free Space | 70,74% Space Free | Partition Type: NTFS
Drive D: | 3,89 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BASTI-PC | User Name: basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.14 22:51:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\basti\Desktop\OTL.exe
PRC - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
PRC - [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013.03.19 08:12:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.08 15:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2013.01.31 14:28:02 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.02 17:43:43 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2011.07.12 18:15:50 | 000,018,432 | ---- | M] () -- C:\Users\basti\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
MOD - [2013.04.07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll
MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013.01.31 14:28:02 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.02 17:43:43 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 15:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.07.12 18:15:50 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\basti\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe -- (QuickTimeUpdater)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.03.06 15:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.09.15 20:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\..\SearchScopes,DefaultScope = {4A3A4FD8-1238-4A19-953B-F94DAF10AC2C}
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\..\SearchScopes\{4A3A4FD8-1238-4A19-953B-F94DAF10AC2C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={B57D00EE-BB68-41C5-A2C4-21CB1910FC7E}&mid=da909adee2d847d09a2dd156504b4cfa-73d5bdad06080c33dc86219763c9fb2598eb7ee0&lang=de&ds=cv011&pr=sa&d=2012-06-02 17:43:46&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.01 14:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.01 14:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 22:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 22:58:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.02.20 22:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.02.20 22:57:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.20 22:57:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.20 22:58:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.19 17:20:21 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.10.26 19:37:32 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (QuickTime) - {D4704207-C86B-4811-951E-6F322F9CEDE7} - C:\Users\basti\AppData\LocalLow\QuickTime\IE\QuickTime.dll (Apple Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4048311226-3306963738-2257165645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B770C5F-78E6-4B0A-B402-EBB5CF7D8607}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1C5E18-1D41-4DE6-B6F8-CAA139A486BF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.01.17 06:34:30 | 000,196,608 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.06.24 08:18:43 | 000,000,092 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{198f5746-af66-11e0-8308-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{198f5746-af66-11e0-8308-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LaunchEAW.exe
O33 - MountPoints2\{c3213b4e-b47f-11e0-b7e7-0022fb5dbb92}\Shell - "" = AutoRun
O33 - MountPoints2\{c3213b4e-b47f-11e0-b7e7-0022fb5dbb92}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.15 17:31:29 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\TEMP.basti-PC\Desktop\LSPFix.exe
[2013.04.15 17:06:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.14 22:51:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TEMP.basti-PC\Desktop\OTL.exe
[2013.04.14 08:07:14 | 000,000,000 | --SD | C] -- C:\Users\TEMP.basti-PC\Documents\Eigene Webs
[2013.04.12 23:24:15 | 000,000,000 | ---D | C] -- C:\avrescue
[2013.04.12 16:55:33 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Roaming\DVDVideoSoft
[2013.04.12 03:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013.04.11 17:34:16 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Roaming\Avira
[2013.04.11 17:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.11 17:31:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.04.11 17:31:39 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.11 17:31:39 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.11 17:31:39 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.11 17:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.04.10 14:52:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013.04.05 18:49:00 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Roaming\Notepad++
[2013.04.05 13:19:33 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Roaming\FileZilla
[2013.04.04 22:54:57 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\Desktop\Skins
[2013.04.03 13:59:54 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\Desktop\Serverplugins
[2013.04.02 18:04:49 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\Documents\Euro Truck Simulator 2
[2013.04.02 18:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
[2013.04.02 18:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Euro Truck Simulator 2
[2013.03.17 13:15:42 | 000,000,000 | ---D | C] -- C:\Users\TEMP.basti-PC\AppData\Local\Diagnostics
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.15 17:35:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4048311226-3306963738-2257165645-1000UA.job
[2013.04.15 17:31:29 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\TEMP.basti-PC\Desktop\LSPFix.exe
[2013.04.15 17:24:14 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 17:24:14 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 17:14:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 17:14:04 | 2360,782,848 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 07:54:33 | 000,959,818 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.15 07:54:33 | 000,713,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 07:54:33 | 000,229,934 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.15 07:54:33 | 000,195,812 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.14 22:51:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TEMP.basti-PC\Desktop\OTL.exe
[2013.04.14 22:30:45 | 000,377,856 | ---- | M] () -- C:\Users\TEMP.basti-PC\Desktop\jl52qj7e.exe
[2013.04.14 22:27:03 | 000,050,477 | ---- | M] () -- C:\Users\TEMP.basti-PC\Desktop\Defogger.exe
[2013.04.14 22:07:40 | 000,000,000 | ---- | M] () -- C:\Users\TEMP.basti-PC\defogger_reenable
[2013.04.14 20:35:11 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4048311226-3306963738-2257165645-1000Core.job
[2013.04.13 13:41:17 | 000,289,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.11 17:31:57 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013.04.07 10:52:34 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013.03.22 08:38:33 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.21 15:05:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
 
========== Files Created - No Company Name ==========
 
[2013.04.14 22:30:40 | 000,377,856 | ---- | C] () -- C:\Users\TEMP.basti-PC\Desktop\jl52qj7e.exe
[2013.04.14 22:27:00 | 000,050,477 | ---- | C] () -- C:\Users\TEMP.basti-PC\Desktop\Defogger.exe
[2013.04.14 22:07:40 | 000,000,000 | ---- | C] () -- C:\Users\TEMP.basti-PC\defogger_reenable
[2013.04.11 17:31:57 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.28 18:19:54 | 001,156,400 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013.02.28 18:19:53 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2011.12.13 16:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.11.25 15:56:06 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2011.07.22 11:29:17 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.30 13:33:03 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\***
[2012.10.26 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\Babylon
[2011.07.22 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\ChessBase
[2012.09.26 16:41:20 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\***
[2012.09.26 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\***
[2012.08.13 07:58:38 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\eType
[2012.12.01 17:28:01 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\***
[2012.11.30 09:58:39 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\ICQ
[2012.04.11 15:20:45 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\Icxoy
[2012.01.10 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\Kalydo
[2011.07.22 15:57:38 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\Leadertech
[2012.08.04 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\Notepad++
[2012.05.03 21:21:42 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\Petroglyph
[2012.08.29 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\Solveig Multimedia
[2012.04.11 14:18:27 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\Tani
[2012.08.31 15:33:33 | 000,000,000 | ---D | M] -- C:\Users\basti\AppData\Roaming\TS3Client
[2013.01.20 13:08:53 | 000,000,000 | ---D | M] -- C:\Users\basti.basti-PC\AppData\Roaming\***
[2013.01.17 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\basti.basti-PC\AppData\Roaming\***
[2013.01.11 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\***
[2013.01.03 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\***
[2013.01.03 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\TS3Client
[2013.04.14 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\TEMP.basti-PC\AppData\Roaming\***
[2013.04.12 16:55:33 | 000,000,000 | ---D | M] -- C:\Users\TEMP.basti-PC\AppData\Roaming\***
[2013.04.06 16:50:12 | 000,000,000 | ---D | M] -- C:\Users\TEMP.basti-PC\AppData\Roaming\***
[2013.04.05 18:49:04 | 000,000,000 | ---D | M] -- C:\Users\TEMP.basti-PC\AppData\Roaming\Notepad++
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{2B770C5F-78E6-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{2B770C5F-78E6-4B0A [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.20 14:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2010.11.20 14:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2011.03.03 07:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll -- [2009.07.14 03:15:12 | 000,006,656 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09  [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes]
"LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes]
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSFont [Binary data over 200 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"sdrsvc" = sdrsvc [binary data] -- [2010.11.20 14:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = AxInstSV [binary data] -- [2010.11.20 14:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /580 >
[2013.02.15 06:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll
[2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.04 18:40:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.04 18:40:37 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.04 18:40:37 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012.10.04 18:40:37 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.04 18:40:38 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.04 16:41:50 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.04 16:41:50 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.10.04 16:41:50 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.04 16:41:50 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.07.04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2012.04.24 06:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.04.24 06:36:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll
[2012.08.02 18:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll
[2012.08.30 15:46:44 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\system32\frapsvid.dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2013.02.22 05:47:17 | 009,738,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.02.22 05:32:05 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2013.02.22 05:28:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2013.04.07 10:52:34 | 000,027,136 | ---- | M] () -- C:\Windows\system32\ImHttpComm.dll
[2013.02.22 05:34:18 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.02.22 05:46:00 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.02.22 05:35:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.10.04 18:43:05 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.10.04 18:43:05 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2011.11.25 15:59:41 | 000,047,104 | ---- | M] () -- C:\Windows\system32\KMVIDC32.DLL
[2012.05.14 06:33:42 | 000,769,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll
[2011.11.17 07:32:51 | 001,038,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll
[2011.12.12 20:18:07 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msclmd.dll
[2013.02.22 05:33:11 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2013.02.22 06:05:50 | 012,324,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.02.22 05:31:55 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2013.02.15 06:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2013.02.05 09:25:04 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcm80.dll
[2013.02.05 09:25:02 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp100.dll
[2013.02.05 09:25:04 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp80.dll
[2013.02.05 09:25:02 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100.dll
[2013.02.05 09:25:04 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr80.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npdeployJava1.dll
[2011.11.17 07:38:39 | 001,288,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2012.05.01 06:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\profsvc.dll
[2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.04.26 06:45:54 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorekmts.dll
[2012.04.26 06:45:55 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpwsx.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2011.11.17 07:34:52 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.05.05 09:46:52 | 000,400,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srcore.dll
[2011.11.17 07:34:55 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2011.11.17 07:34:55 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll
[2013.02.15 05:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.02.22 05:36:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.02.22 05:38:39 | 001,104,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2013.02.22 05:34:03 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.07.26 04:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll
[2012.11.09 06:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.02.22 05:38:00 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.01.04 06:50:52 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2012.03.01 07:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.12.10 12:05:03 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048311226-3306963738-2257165645-1000Core.job
[2011.12.10 12:05:04 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4048311226-3306963738-2257165645-1000UA.job
[2012.09.27 20:05:01 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.27 20:05:05 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.01.23 17:09:22 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
 
< C:\Windows\system32\*.sys /580 >
[2013.03.01 05:09:59 | 002,347,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys

< End of report >

--- --- ---

14.04.2013, 21:48	#4
aharonov /// TB-Ausbilder	TR/Mediyes.gen entdeckt D: Ok, dann überspring diesen Schritt und mach mit OTL (Schritt 3) weiter. __________________ cheers, Leo

14.04.2013, 21:57	#6
aharonov /// TB-Ausbilder	TR/Mediyes.gen entdeckt D: Was für temporäre Profile? Hast du OTL heruntergeladen und auf den Desktop gespeichert? (Wenn du den Link direkt öffnest und es so starten willst, geht es nicht..) __________________ --> TR/Mediyes.gen entdeckt D: Geändert von aharonov (14.04.2013 um 22:24 Uhr)

14.04.2013, 22:17	#8
aharonov /// TB-Ausbilder	TR/Mediyes.gen entdeckt D: Kannst du denn ein neues Profil erstellen und den Scan von dort starten? __________________ cheers, Leo

14.04.2013, 22:24	#10
aharonov /// TB-Ausbilder	TR/Mediyes.gen entdeckt D: Also läuft der Scan jetzt? __________________ cheers, Leo

14.04.2013, 22:36	#12
aharonov /// TB-Ausbilder	TR/Mediyes.gen entdeckt D: Ok __________________ cheers, Leo

TR/Mediyes.gen entdeckt D:

Plagegeister aller Art und deren Bekämpfung: TR/Mediyes.gen entdeckt D: