
Log analysis and evaluation: GVU "Ihr Computer ist gesperrt" trojan, Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.04.2013, 14:28   #1
mnjakob

GVU "Ihr Computer ist gesperrt" trojan, Windows 7

Hello,

I have the following problem:
a friend's PC has been showing the behaviour mentioned above (GVU "Ihr Computer ist gesperrt") for a few days! Windows starts up normally at first, the desktop appears, and then this window comes up with no way to switch away from it or close it using the usual functions such as ALT+F4 or CTRL+TAB etc.!

I have already found the suggested approach here on the board of using Reatogo-X-PE and generating the log via OTLPE. Unfortunately I am NOT able to find anything there myself!?
Below is the log.
Can someone perhaps also tell me which script I then need to use to clean the system?

I am grateful for any hint.
Many thanks in advance

OTL Logfile:
Code:
OTL logfile created on: 4/21/2013 3:56:09 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 998.00 Mb Total Space | 828.63 Mb Free Space | 83.03% Space Free | Partition Type: FAT32
Drive E: | 465.66 Gb Total Space | 422.87 Gb Free Space | 90.81% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/20 01:59:04 | 000,092,592 | ---- | M] (TomTom) [Auto] -- E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/06/29 08:32:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/29 09:14:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/05/01 20:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/06/29 08:32:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 08:32:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 09:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- E:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/10 17:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/28 21:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/28 21:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/12/18 20:00:00 | 000,401,920 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2007/11/06 21:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- E:\Windows\System32\drivers\avmeject.sys -- (avmeject)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Anwender_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\Anwender_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Anwender_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Anwender_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 D8 68 F2 F1 6C CA 01 [binary data]
IE - HKU\Anwender_ON_E\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Anwender_ON_E\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Anwender_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anwender_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;192.168.178.254;169.254.1.1;*.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/13 15:28:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/13 15:28:44 | 000,000,000 | ---D | M]
 
[2012/06/06 12:08:23 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Anwender\AppData\Roaming\Mozilla\Extensions
[2012/06/06 12:08:23 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Anwender\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/06/06 12:08:10 | 000,000,000 | ---D | M] (Map status indicator) -- E:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [APSDaemon] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] E:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] E:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKU\Anwender_ON_E..\Run: [EADM] E:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\Anwender_ON_E..\Run: [TomTomHOME.exe] E:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - E:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ef3020fc-db46-11de-83b1-00241da4cf5c}\Shell - "" = AutoRun
O33 - MountPoints2\{ef3020fc-db46-11de-83b1-00241da4cf5c}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/21 15:14:43 | 002,237,440 | R--- | C] (OldTimer Tools) -- E:\OTLPE.exe
[2013/04/21 15:14:43 | 000,000,000 | ---D | C] -- E:\_OTL
[2013/04/21 07:39:07 | 000,000,000 | ---D | C] -- E:\System-Sicherheit_MJ
[2013/04/02 12:43:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\usb8023.sys
[2013/03/13 07:39:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/03/13 07:39:50 | 000,420,864 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/03/13 07:39:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/03/13 07:39:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/03/13 07:39:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/03/13 07:39:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/03/13 07:39:44 | 001,800,704 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/03/13 07:39:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/03/13 07:39:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/03/13 07:39:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/02/14 06:32:43 | 002,345,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/02/14 06:32:41 | 003,957,608 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2013/02/14 06:32:41 | 003,902,312 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2013/02/14 06:32:38 | 000,187,240 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/14 06:32:33 | 000,271,360 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2013/02/14 06:32:33 | 000,169,984 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2013/02/14 06:32:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/02/14 06:32:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/14 06:32:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/14 06:32:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/02/14 06:32:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/02/14 06:32:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/02/14 06:32:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/14 06:32:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/02/14 06:32:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/14 06:32:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/02/14 06:32:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/14 06:32:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/02/14 06:32:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 07:55:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\win32spl.dll
[2013/01/09 07:54:16 | 000,308,736 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Wpc.dll
[2013/01/09 07:54:16 | 000,046,592 | ---- | C] (Microsoft) -- E:\Windows\System32\fpb.rs
[2013/01/09 07:54:16 | 000,045,568 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc-nz.rs
[2013/01/09 07:54:16 | 000,044,544 | ---- | C] (Microsoft) -- E:\Windows\System32\pegibbfc.rs
[2013/01/09 07:54:16 | 000,043,520 | ---- | C] (Microsoft) -- E:\Windows\System32\csrr.rs
[2013/01/09 07:54:16 | 000,040,960 | ---- | C] (Microsoft) -- E:\Windows\System32\cob-au.rs
[2013/01/09 07:54:16 | 000,030,720 | ---- | C] (Microsoft) -- E:\Windows\System32\usk.rs
[2013/01/09 07:54:16 | 000,021,504 | ---- | C] (Microsoft) -- E:\Windows\System32\grb.rs
[2013/01/09 07:54:16 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-pt.rs
[2013/01/09 07:54:16 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi.rs
[2013/01/09 07:54:16 | 000,015,360 | ---- | C] (Microsoft) -- E:\Windows\System32\djctq.rs
[2013/01/09 07:54:15 | 002,576,384 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\gameux.dll
[2013/01/09 07:54:14 | 000,055,296 | ---- | C] (Microsoft) -- E:\Windows\System32\cero.rs
[2013/01/09 07:54:14 | 000,051,712 | ---- | C] (Microsoft) -- E:\Windows\System32\esrb.rs
[2013/01/09 07:54:14 | 000,023,552 | ---- | C] (Microsoft) -- E:\Windows\System32\oflc.rs
[2013/01/09 07:54:14 | 000,020,480 | ---- | C] (Microsoft) -- E:\Windows\System32\pegi-fi.rs
[2013/01/09 07:53:56 | 000,219,136 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\ncrypt.dll
[2012/12/22 06:34:33 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- E:\Windows\System32\atmfd.dll
[2012/12/22 06:34:33 | 000,034,304 | ---- | C] (Adobe Systems) -- E:\Windows\System32\atmlib.dll
[2012/12/13 11:36:58 | 000,376,832 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\dpnet.dll
[2012/12/13 11:36:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\tzres.dll
[2012/11/16 11:04:20 | 000,047,720 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\WdfLdr.sys
[2012/11/16 11:04:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\Wdfres.dll
[2012/11/16 11:04:03 | 000,613,888 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WUDFx.dll
[2012/11/16 11:04:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WUDFPlatform.dll
[2012/11/16 11:04:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\WUDFCoinstaller.dll
[2012/11/16 10:59:58 | 000,078,336 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\synceng.dll
[2012/10/24 15:17:20 | 000,000,000 | ---D | C] -- E:\Windows\System32\DRVSTORE
[2012/10/24 12:19:27 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- E:\Windows\System32\deployJava1.dll
[2012/10/24 12:19:27 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- E:\Windows\System32\javaws.exe
[2012/10/24 12:19:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- E:\Windows\System32\javaw.exe
[2012/10/24 12:19:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- E:\Windows\System32\java.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/21 09:44:14 | 095,023,320 | ---- | M] () -- E:\ProgramData\5696557.pad
[2013/04/21 09:43:59 | 000,001,098 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/21 09:43:52 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2013/04/21 09:43:49 | 1559,928,832 | -HS- | M] () -- E:\hiberfil.sys
[2013/04/21 07:50:01 | 000,014,800 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/21 07:50:01 | 000,014,800 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/21 06:45:50 | 000,002,129 | ---- | M] () -- E:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/02 11:55:00 | 000,001,102 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/14 04:41:40 | 000,654,150 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2013/03/14 04:41:40 | 000,616,032 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2013/03/14 04:41:40 | 000,130,022 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2013/03/14 04:41:40 | 000,106,412 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2013/03/13 16:45:17 | 000,001,039 | ---- | M] () -- E:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/02/14 07:13:07 | 000,269,712 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2013/02/12 09:51:24 | 000,015,872 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\drivers\usb8023.sys
[2013/02/01 23:38:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\jscript9.dll
[2013/02/01 23:30:32 | 001,427,968 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\inetcpl.cpl
[2013/02/01 23:29:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\url.dll
[2013/02/01 23:27:56 | 000,065,024 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\jsproxy.dll
[2013/02/01 23:26:47 | 000,142,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieUnatt.exe
[2013/02/01 23:26:45 | 000,717,824 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\jscript.dll
[2013/02/01 23:26:21 | 000,420,864 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\vbscript.dll
[2013/02/01 23:25:16 | 000,607,744 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\msfeeds.dll
[2013/02/01 23:23:28 | 002,382,848 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\mshtml.tlb
[2013/02/01 23:20:00 | 000,176,640 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ieui.dll
[2013/01/16 20:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\MpSigStub.exe
[2013/01/14 05:20:55 | 000,002,225 | ---- | M] () -- E:\Users\Anwender\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/05 01:02:17 | 003,957,608 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ntkrnlpa.exe
[2013/01/05 01:02:17 | 003,902,312 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ntoskrnl.exe
[2013/01/04 00:55:09 | 000,187,240 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/01/04 00:50:40 | 000,169,984 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\winsrv.dll
[2013/01/04 00:43:54 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/04 00:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/04 00:43:54 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/04 00:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/04 00:43:54 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/04 00:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/04 00:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/04 00:43:54 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/04 00:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/04 00:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/04 00:43:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/04 00:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/04 00:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/04 00:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/04 00:43:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/04 00:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/04 00:43:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/04 00:43:52 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/04 00:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/04 00:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/04 00:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/04 00:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/04 00:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/04 00:43:52 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/03 23:00:30 | 002,345,984 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\win32k.sys
[2013/01/03 22:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\conhost.exe
[2013/01/03 22:43:35 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/03 22:43:34 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/03 22:43:34 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/03 22:43:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- E:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/12/16 10:25:27 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\System32\atmfd.dll
[2012/12/16 10:25:19 | 000,034,304 | ---- | M] (Adobe Systems) -- E:\Windows\System32\atmlib.dll
[2012/12/07 01:04:20 | 000,308,736 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\Wpc.dll
[2012/12/07 00:57:38 | 002,576,384 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\gameux.dll
[2012/12/06 23:21:08 | 000,045,568 | ---- | M] (Microsoft) -- E:\Windows\System32\oflc-nz.rs
[2012/12/06 23:21:08 | 000,044,544 | ---- | M] (Microsoft) -- E:\Windows\System32\pegibbfc.rs
[2012/12/06 23:21:08 | 000,043,520 | ---- | M] (Microsoft) -- E:\Windows\System32\csrr.rs
[2012/12/06 23:21:08 | 000,030,720 | ---- | M] (Microsoft) -- E:\Windows\System32\usk.rs
[2012/12/06 23:21:08 | 000,023,552 | ---- | M] (Microsoft) -- E:\Windows\System32\oflc.rs
[2012/12/06 23:21:07 | 000,020,480 | ---- | M] (Microsoft) -- E:\Windows\System32\pegi-pt.rs
[2012/12/06 23:21:06 | 000,020,480 | ---- | M] (Microsoft) -- E:\Windows\System32\pegi-fi.rs
[2012/12/06 23:21:06 | 000,020,480 | ---- | M] (Microsoft) -- E:\Windows\System32\pegi.rs
[2012/12/06 23:21:05 | 000,055,296 | ---- | M] (Microsoft) -- E:\Windows\System32\cero.rs
[2012/12/06 23:21:05 | 000,051,712 | ---- | M] (Microsoft) -- E:\Windows\System32\esrb.rs
[2012/12/06 23:21:05 | 000,046,592 | ---- | M] (Microsoft) -- E:\Windows\System32\fpb.rs
[2012/12/06 23:21:05 | 000,021,504 | ---- | M] (Microsoft) -- E:\Windows\System32\grb.rs
[2012/12/06 23:21:04 | 000,040,960 | ---- | M] (Microsoft) -- E:\Windows\System32\cob-au.rs
[2012/12/06 23:21:04 | 000,015,360 | ---- | M] (Microsoft) -- E:\Windows\System32\djctq.rs
[2012/11/20 01:10:07 | 000,219,136 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\ncrypt.dll
[2012/11/09 00:49:55 | 000,492,032 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\win32spl.dll
[2012/11/09 00:49:37 | 000,002,048 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\tzres.dll
[2012/11/08 09:12:25 | 000,002,699 | ---- | M] () -- E:\Users\Public\Desktop\Playway 4 CD-ROM.lnk
[2012/11/02 00:48:28 | 000,376,832 | ---- | M] (Microsoft Corporation) -- E:\Windows\System32\dpnet.dll
[2012/10/24 15:17:25 | 000,001,753 | ---- | M] () -- E:\Users\Public\Desktop\iTunes.lnk
[2012/10/24 12:19:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Windows\System32\deployJava1.dll
[2012/10/24 12:19:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- E:\Windows\System32\javaws.exe
[2012/10/24 12:19:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- E:\Windows\System32\javaw.exe
[2012/10/24 12:19:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- E:\Windows\System32\java.exe
 
========== Files Created - No Company Name ==========
 
[2013/03/13 16:45:17 | 000,001,039 | ---- | C] () -- E:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/03/13 16:45:16 | 095,023,320 | ---- | C] () -- E:\ProgramData\5696557.pad
[2012/11/16 11:04:21 | 000,000,003 | ---- | C] () -- E:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 11:04:03 | 000,000,003 | ---- | C] () -- E:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/08 09:12:25 | 000,002,699 | ---- | C] () -- E:\Users\Public\Desktop\Playway 4 CD-ROM.lnk
[2012/10/24 15:17:25 | 000,001,753 | ---- | C] () -- E:\Users\Public\Desktop\iTunes.lnk
[2010/12/13 15:22:17 | 000,241,383 | ---- | C] () -- E:\Windows\hpwins28.dat
[2010/08/08 08:09:34 | 000,765,952 | ---- | C] () -- E:\Windows\System32\xvidcore.dll
[2010/08/08 08:09:34 | 000,180,224 | ---- | C] () -- E:\Windows\System32\xvidvfw.dll
[2010/08/08 08:09:34 | 000,008,704 | ---- | C] () -- E:\Windows\System32\vidccleaner.exe
[2010/05/30 04:56:09 | 000,000,760 | ---- | C] () -- E:\Users\Anwender\AppData\Roaming\setup_ldm.iss
[2009/11/27 14:38:44 | 000,015,573 | ---- | C] () -- E:\Windows\System32\drivers\fwlanusbn.bin
[2009/08/18 03:18:40 | 000,000,418 | ---- | C] () -- E:\Windows\hpwmdl28.dat
[2009/07/14 04:47:43 | 000,654,150 | ---- | C] () -- E:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- E:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,022 | ---- | C] () -- E:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- E:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,269,712 | ---- | C] () -- E:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,032 | ---- | C] () -- E:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- E:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,412 | ---- | C] () -- E:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- E:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- E:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- E:\Windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- E:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- E:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2012/10/24 15:17:18 | 000,000,000 | ---D | M] -- E:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/11/24 06:34:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2010/12/15 11:49:42 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2010/12/15 11:58:16 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonEPP
[2010/12/15 12:12:08 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJEGV
[2010/12/15 11:58:16 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJEPPEX2
[2010/12/15 11:53:23 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJMSetup
[2010/12/15 12:05:22 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJScan
[2010/12/15 11:51:20 | 000,000,000 | ---D | M] -- E:\ProgramData\CanonIJWSpt
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/11/24 06:34:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2013/01/18 13:02:12 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2009/11/24 06:34:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2010/05/17 15:31:01 | 000,000,000 | ---D | M] -- E:\ProgramData\ICQ
[2013/01/18 13:07:25 | 000,000,000 | ---D | M] -- E:\ProgramData\Origin
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2009/11/24 06:34:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/06/06 12:09:36 | 000,000,000 | ---D | M] -- E:\ProgramData\TomTom
[2009/11/24 06:34:52 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2013/01/24 10:57:56 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---


Hoping for quick help
Kind regards
Michael

Alt 21.04.2013, 14:50   #2
aharonov
/// TB-Ausbilder
 



edit: This subforum is actually not the right place for a cleanup. This thread should be moved soon.


Hello Michael,

see whether you can start the computer normally again after the following fix:

  • Start the infected computer with the OTLpe CD and open OTLpe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
ATTFilter
:OTL
[2013/03/13 16:45:17 | 000,001,039 | ---- | C] () -- E:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/03/13 16:45:16 | 095,023,320 | ---- | C] () -- E:\ProgramData\5696557.pad
         
  • Now click the Fix button.
  • Then reboot and try to boot into Windows' normal mode again.
  • After the reboot you will find a text document on your desktop.
    (Also to be found under C:\OTL\MovedFiles\<time_date.log>)
  • Now copy its content here into your thread.
__________________

__________________
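As an added example (not code from this thread, from OTL or from its author), the following Python script parses OTL file-list lines of the layout shown above and applies the same reasoning the helper used to pick the two entries for the fix: a .lnk in a user's Startup folder is the autostart, and a no-company file in ProgramData created within seconds of it is its payload. The 60-second window and the ProgramData/Startup heuristic are my assumptions, not a rule OTL applies; the two suspicious sample lines are the ones from the OTLPE log above, the two benign lines are also taken from that log.

```python
import re
from datetime import datetime

# One OTL file-list entry (layout as in the log above):
# [2013/03/13 16:45:17 | 000,001,039 | ---- | C] () -- E:\...\Startup\runctf.lnk
#  timestamp            size          attr  C/M  company   path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None for headers/blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "raw": line.strip(),
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attributes": m.group("attr"),
        "kind": m.group("kind"),          # C = created, M = modified
        "company": m.group("company"),    # empty string = "no company name"
        "path": m.group("path"),
    }


def find_lockscreen_indicators(lines, window_seconds=60):
    """Flag every .lnk in a Start Menu\\Programs\\Startup folder, followed by
    each no-company file under ProgramData created within `window_seconds`
    of that link (assumed heuristic, see lead-in)."""
    entries = [e for e in map(parse_otl_line, lines) if e]
    flagged = []
    for lnk in entries:
        p = lnk["path"].lower()
        if not (p.endswith(".lnk") and "\\start menu\\programs\\startup\\" in p):
            continue
        flagged.append(lnk)
        for other in entries:
            if other is lnk or other["company"] != "":
                continue
            delta = abs((other["timestamp"] - lnk["timestamp"]).total_seconds())
            if delta <= window_seconds and "\\programdata\\" in other["path"].lower():
                flagged.append(other)
    return flagged


def build_otl_fix(flagged):
    """Render flagged entries as an OTL ':OTL' fix script, the same shape as
    the one posted above; review it before pasting it into OTL."""
    return "\n".join([":OTL"] + [e["raw"] for e in flagged]) + "\n"


# Sample input: lines 1-2 are the suspicious entries from the OTLPE log in
# this thread, lines 3-4 are benign entries from the same log.
SAMPLE_LOG = r"""
[2013/03/13 16:45:17 | 000,001,039 | ---- | C] () -- E:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/03/13 16:45:16 | 095,023,320 | ---- | C] () -- E:\ProgramData\5696557.pad
[2012/11/16 11:04:21 | 000,000,003 | ---- | C] () -- E:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/24 15:17:25 | 000,001,753 | ---- | C] () -- E:\Users\Public\Desktop\iTunes.lnk
"""

if __name__ == "__main__":
    hits = find_lockscreen_indicators(SAMPLE_LOG.splitlines())
    print(build_otl_fix(hits))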

Alt 21.04.2013, 15:10   #3
mnjakob
 



Hello Leo,

here is the log:
Quote:
========== OTL ==========
E:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
E:\ProgramData\5696557.pad moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 04212013_170325
I had already gotten the whole system running once, but then, after I let "adwcleaner" do its work, this message suddenly came back!?

Thank you for your help

Kind regards
Micha
__________________

Alt 21.04.2013, 15:21   #4
aharonov
/// TB-Ausbilder
 



Hello Micha,

but can you start the computer normally again now?
__________________
cheers,
Leo

Alt 21.04.2013, 15:24   #5
mnjakob
 



Hello,

yes, it has now booted normally. I'm running Anti-Malware right now!
Is there any other sensible software I can run to fight this?

Thank you.

Kind regards
Micha


Alt 21.04.2013, 15:24   #6
aharonov
/// TB-Ausbilder
 



Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Tick Scan all Users.
  • Now click Run Scan.
  • When the scan is finished, 2 logfiles (OTL.txt and Extras.txt) are created.
  • Post the content of these logfiles here in the thread.
__________________

Alt 21.04.2013, 15:27   #7
mnjakob
 



Hey,

just a brief addition: Anti-Malware found the entry "C:User\Anwender\7556965.dll"!??

I hope it's gone now?

Kind regards
Micha

Otl.txt:
OTL Logfile:
Code:
ATTFilter
otl logfile created on: 21.04.2013 16:44:25 - run 1
otl by oldtimer - version 3.2.69.0     folder = c:\users\anwender\downloads
 home premium edition  (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 9.0.8112.16421)
locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy
 
1,94 gb total physical memory | 1,18 gb available physical memory | 61,01% memory free
3,87 gb paging file | 2,87 gb available in paging file | 73,98% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
 
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 465,66 gb total space | 421,25 gb free space | 90,46% space free | partition type: Ntfs
 
computer name: Anwender-pc | user name: Anwender | logged in as administrator.
Boot mode: Normal | scan mode: All users
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 180 days
 
========== processes (safelist) ==========
 
prc - [2013.04.21 16:43:20 | 000,602,112 | ---- | m] (oldtimer tools) -- c:\users\anwender\downloads\otl.exe
prc - [2013.04.21 16:14:23 | 000,086,752 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\sched.exe
prc - [2013.04.21 16:13:47 | 000,079,584 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\avshadow.exe
prc - [2013.04.21 16:13:41 | 000,110,816 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\avguard.exe
prc - [2013.04.21 16:13:40 | 000,345,312 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\avgnt.exe
prc - [2013.02.02 06:19:04 | 000,757,296 | ---- | m] (microsoft corporation) -- c:\programme\internet explorer\iexplore.exe
prc - [2013.01.15 17:48:47 | 000,308,368 | ---- | m] (google inc.) -- c:\programme\google\google toolbar\googletoolbaruser_32.exe
prc - [2012.07.27 22:51:26 | 000,063,960 | ---- | m] (adobe systems incorporated) -- c:\programme\common files\adobe\arm\1.0\armsvc.exe
prc - [2012.04.20 07:59:04 | 000,092,592 | ---- | m] (tomtom) -- c:\programme\tomtom home 2\tomtomhomeservice.exe
prc - [2012.04.20 07:59:02 | 000,247,728 | ---- | m] (tomtom) -- c:\programme\tomtom home 2\tomtomhomerunner.exe
prc - [2011.02.26 07:33:07 | 002,614,784 | ---- | m] (microsoft corporation) -- c:\windows\explorer.exe
prc - [2010.04.02 11:18:54 | 001,185,112 | ---- | m] (canon inc.) -- c:\programme\canon\solution menu ex\cnsemain.exe
prc - [2010.03.25 04:50:00 | 002,516,296 | ---- | m] (canon inc.) -- c:\programme\canon\myprinter\bjmyprt.exe
prc - [2009.07.14 03:14:47 | 001,121,280 | ---- | m] (microsoft corporation) -- c:\programme\windows media player\wmpnetwk.exe
prc - [2009.07.14 03:14:42 | 000,049,152 | ---- | m] (microsoft corporation) -- c:\windows\system32\taskhost.exe
prc - [2008.05.02 02:44:08 | 000,805,392 | ---- | m] (logitech, inc.) -- c:\programme\logitech\setpoint\setpoint.exe
prc - [2008.05.02 02:40:56 | 000,076,304 | ---- | m] (logitech, inc.) -- c:\programme\common files\logishrd\khal2\khalmnpr.exe
prc - [2007.12.20 15:19:46 | 000,293,168 | ---- | m] (avm berlin) -- c:\programme\avmwlanstick\fritzwlanmini.exe
 
 
========== modules (no company name) ==========
 
mod - [2012.08.27 21:33:32 | 000,087,912 | ---- | m] () -- c:\programme\common files\apple\apple application support\zlib1.dll
mod - [2012.08.27 21:33:08 | 001,242,512 | ---- | m] () -- c:\programme\common files\apple\apple application support\libxml2.dll
 
 
========== services (safelist) ==========
 
srv - [2013.04.21 16:14:23 | 000,086,752 | ---- | m] (avira operations gmbh & co. Kg) [auto | running] -- c:\programme\avira\antivir desktop\sched.exe -- (antivirschedulerservice)
srv - [2013.04.21 16:13:41 | 000,110,816 | ---- | m] (avira operations gmbh & co. Kg) [auto | running] -- c:\programme\avira\antivir desktop\avguard.exe -- (antivirservice)
srv - [2012.07.27 22:51:26 | 000,063,960 | ---- | m] (adobe systems incorporated) [auto | running] -- c:\programme\common files\adobe\arm\1.0\armsvc.exe -- (adobearmservice)
srv - [2012.04.20 07:59:04 | 000,092,592 | ---- | m] (tomtom) [auto | running] -- c:\programme\tomtom home 2\tomtomhomeservice.exe -- (tomtomhomeservice)
srv - [2009.07.14 03:16:13 | 000,025,088 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\sensrsvc.dll -- (sensrsvc)
srv - [2009.07.14 03:15:41 | 000,680,960 | ---- | m] (microsoft corporation) [auto | running] -- c:\programme\windows defender\mpsvc.dll -- (windefend)
srv - [2009.07.14 03:14:47 | 001,121,280 | ---- | m] (microsoft corporation) [auto | running] -- c:\programme\windows media player\wmpnetwk.exe -- (wmpnetworksvc)
srv - [2008.05.02 02:42:06 | 000,121,360 | ---- | m] (logitech, inc.) [on_demand | stopped] -- c:\programme\common files\logishrd\bluetooth\lbtserv.exe -- (lbtserv)
 
 
========== driver services (safelist) ==========
 
drv - [2013.04.21 16:14:52 | 000,135,136 | ---- | m] (avira operations gmbh & co. Kg) [kernel | system | running] -- c:\windows\system32\drivers\avipbb.sys -- (avipbb)
drv - [2013.04.21 16:14:52 | 000,084,744 | ---- | m] (avira operations gmbh & co. Kg) [file_system | auto | running] -- c:\windows\system32\drivers\avgntflt.sys -- (avgntflt)
drv - [2013.04.21 16:14:52 | 000,037,352 | ---- | m] (avira operations gmbh & co. Kg) [kernel | system | running] -- c:\windows\system32\drivers\avkmgr.sys -- (avkmgr)
drv - [2013.04.21 16:14:52 | 000,028,520 | ---- | m] (avira gmbh) [kernel | system | stopped] -- c:\windows\system32\drivers\ssmdrv.sys -- (ssmdrv)
drv - [2010.04.08 20:32:36 | 000,215,656 | ---- | m] (nvidia corporation) [kernel | boot | stopped] -- c:\windows\system32\drivers\nvstor32.sys -- (nvstor32)
drv - [2010.03.04 12:26:56 | 000,296,936 | ---- | m] (nvidia corporation) [kernel | on_demand | running] -- c:\windows\system32\drivers\nvmf6232.sys -- (nvnet)
drv - [2009.07.14 01:51:11 | 000,034,944 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\winusb.sys -- (winusb)
drv - [2009.07.14 00:02:52 | 000,347,264 | ---- | m] (nvidia corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nvm62x32.sys -- (nvenetfd)
drv - [2009.06.10 23:19:48 | 009,853,248 | ---- | m] (nvidia corporation) [kernel | on_demand | running] -- c:\windows\system32\drivers\nvlddmkm.sys -- (nvlddmkm)
drv - [2008.02.29 03:13:24 | 000,036,880 | ---- | m] (logitech, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\lmoufilt.sys -- (lmoufilt)
drv - [2008.02.29 03:13:16 | 000,035,344 | ---- | m] (logitech, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\lhidfilt.sys -- (lhidfilt)
drv - [2007.12.19 02:00:00 | 000,401,920 | ---- | m] (avm gmbh) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\fwlanusbn.sys -- (fwlanusbn)
drv - [2007.11.07 03:00:00 | 000,004,352 | ---- | m] (avm berlin) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\avmeject.sys -- (avmeject)
 
 
========== standard registry (safelist) ==========
 
 
========== internet explorer ==========
 
ie - hklm\..\searchscopes,defaultscope = 
ie - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie - hklm\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7
 
 
ie - hku\.default\..\searchscopes,defaultscope = 
ie - hku\.default\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
 
ie - hku\s-1-5-18\..\searchscopes,defaultscope = 
ie - hku\s-1-5-18\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
 
ie - hku\s-1-5-19\..\searchscopes,defaultscope = 
 
ie - hku\s-1-5-20\..\searchscopes,defaultscope = 
 
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page = Google
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page redirect cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page redirect cache acceptlangs = de
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page redirect cache_timestamp = 60 d8 68 f2 f1 6c ca 01  [binary data]
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\urlsearchhook:  - no clsid value found
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\searchscopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&src=ie-searchbox&form=ie8src
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = fritz.box;192.168.178.1;192.168.178.254;169.254.1.1;*.local
 
 
========== firefox ==========
 
ff - hklm\software\mozillaplugins\@adobe.com/shockwaveplayer: C:\windows\system32\adobe\director\np32dsw.dll (adobe systems, inc.)
ff - hklm\software\mozillaplugins\@apple.com/itunes,version=:  File not found
ff - hklm\software\mozillaplugins\@apple.com/itunes,version=1.0: C:\program files\itunes\mozilla plugins\npitunes.dll ()
ff - hklm\software\mozillaplugins\@canon.com/eppex: C:\program files\canon\easy-photoprint ex\npezffpi.dll (canon inc.)
ff - hklm\software\mozillaplugins\@java.com/javaplugin: C:\program files\java\jre6\bin\new_plugin\npjp2.dll (sun microsystems, inc.)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=3: C:\program files\google\update\1.3.21.135\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=9: C:\program files\google\update\1.3.21.135\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\adobe reader: C:\program files\adobe\reader 10.0\reader\air\nppdf32.dll (adobe systems inc.)
 
ff - hkey_local_machine\software\mozilla\firefox\extensions\\smartwebprinting@hp.com: C:\program files\hp\digital imaging\smart web printing\mozillaaddon3 [2010.12.13 21:28:44 | 000,000,000 | ---d | m]
ff - hkey_current_user\software\mozilla\firefox\extensions\\smartwebprinting@hp.com: C:\program files\hp\digital imaging\smart web printing\mozillaaddon3 [2010.12.13 21:28:44 | 000,000,000 | ---d | m]
 
[2012.06.06 18:08:23 | 000,000,000 | ---d | m] (no name found) -- c:\users\anwender\appdata\roaming\mozilla\extensions
[2012.06.06 18:08:23 | 000,000,000 | ---d | m] (no name found) -- c:\users\anwender\appdata\roaming\mozilla\extensions\home2@tomtom.com
 
========== chrome  ==========
 
chr - default_search_provider: Google (enabled)
chr - default_search_provider: Search_url = {google:baseurl}search?q={searchterms}&{google:rlz}{google:acceptedsuggestion}{google:originalqueryforsuggestion}{google:searchfieldtrialparameter}sourceid=chrome&ie={inputencoding}
chr - default_search_provider: Suggest_url = {google:basesuggesturl}search?{google:searchfieldtrialparameter}client=chrome&hl={language}&q={searchterms}
chr - homepage: Google
 
o1 hosts file: ([2009.06.10 23:39:37 | 000,000,824 | ---- | m]) - c:\windows\system32\drivers\etc\hosts
o4 - hklm..\run: [apsdaemon] c:\program files\common files\apple\apple application support\apsdaemon.exe (apple inc.)
o4 - hklm..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe (avira operations gmbh & co. Kg)
o4 - hklm..\run: [avmwlanclient] c:\programme\avmwlanstick\fritzwlanmini.exe (avm berlin)
o4 - hklm..\run: [canonmyprinter] c:\program files\canon\myprinter\bjmyprt.exe (canon inc.)
o4 - hklm..\run: [canonsolutionmenuex] c:\program files\canon\solution menu ex\cnsemain.exe (canon inc.)
o4 - hklm..\run: [kernel and hardware abstraction layer] c:\windows\khalmnpr.exe (logitech, inc.)
o4 - hku\s-1-5-21-517919386-2500931453-121362134-1000..\run: [eadm] c:\program files\origin\origin.exe (electronic arts)
o4 - hku\s-1-5-21-517919386-2500931453-121362134-1000..\run: [tomtomhome.exe] c:\program files\tomtom home 2\tomtomhomerunner.exe (tomtom)
o4 - hku\s-1-5-19..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o4 - hku\s-1-5-20..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioradmin = 5
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioruser = 3
o10 - namespace_catalog5\catalog_entries\000000000007 [] - c:\programme\bonjour\mdnsnsp.dll (apple inc.)
o13 - gopher prefix: Missing
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted domains: Fritz.box ([]* in local intranet)
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted ranges: Range1 ([*] in local intranet)
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted ranges: Range2 ([*] in local intranet)
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted ranges: Range3 ([*] in local intranet)
o16 - dpf: {166b1bca-3f9c-11cf-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (shockwave activex control)
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab (java plug-in 1.6.0_29)
o16 - dpf: {cafeefac-0016-0000-0029-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (java plug-in 1.6.0_29)
o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (java plug-in 1.6.0_29)
o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 80.69.103.78 192.168.0.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{383b7c90-76db-45e0-89f5-6d048e2e3b91}: Dhcpnameserver = 192.168.178.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{47abd2cd-0c9e-4f84-b0a6-ce1599779cc8}: Dhcpnameserver = 80.69.103.78 192.168.0.1
o20 - hklm winlogon: Shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20 - hklm winlogon: Userinit - (c:\windows\system32\userinit.exe) - c:\windows\system32\userinit.exe (microsoft corporation)
o20 - hklm winlogon: Vmapplet - (systempropertiesperformance.exe) - c:\windows\system32\systempropertiesperformance.exe (microsoft corporation)
o20 - winlogon\notify\lbtwlgn: Dllname - (c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll) - c:\programme\common files\logishrd\bluetooth\lbtwlgn.dll (logitech, inc.)
o21 - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
O32 - hklm cdrom: Autorun - 1
o32 - autorun file - [2009.06.10 23:42:20 | 000,000,024 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
o33 - mountpoints2\{126eb3c7-d91f-11de-92f8-806e6f6e6963}\shell - "" = autorun
o33 - mountpoints2\{126eb3c7-d91f-11de-92f8-806e6f6e6963}\shell\autorun\command - "" = d:\reatogomenu.exe
o33 - mountpoints2\{ef3020fc-db46-11de-83b1-00241da4cf5c}\shell - "" = autorun
o33 - mountpoints2\{ef3020fc-db46-11de-83b1-00241da4cf5c}\shell\autorun\command - "" = e:\pushinst.exe
o34 - hklm bootexecute: (autocheck autochk *)
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*
o38 - subsystems\\windows: (serverdll=winsrv:userserverdllinitialization,3)
o38 - subsystems\\windows: (serverdll=winsrv:conserverdllinitialization,2)
o38 - subsystems\\windows: (serverdll=sxssrv,4)
 
========== files/folders - created within 180 days ==========
 
[2013.04.21 21:14:43 | 002,237,440 | r--- | c] (oldtimer tools) -- c:\otlpe.exe
[2013.04.21 21:14:43 | 000,000,000 | ---d | c] -- c:\_otl
[2013.04.21 16:34:46 | 000,758,784 | ---- | c] (nvidia corporation) -- c:\windows\system32\cohelper.dll
[2013.04.21 16:34:45 | 000,000,000 | ---d | c] -- c:\program files\nvidia corporation
[2013.04.21 16:34:19 | 000,953,856 | ---- | c] (nvidia corporation) -- c:\windows\system32\fdco2.dll
[2013.04.21 16:34:19 | 000,372,840 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvraiins.dll
[2013.04.21 16:34:19 | 000,372,840 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvraidco.dll
[2013.04.21 16:34:19 | 000,296,936 | ---- | c] (nvidia corporation) -- c:\windows\system32\drivers\nvmf6232.sys
[2013.04.21 16:34:19 | 000,215,656 | ---- | c] (nvidia corporation) -- c:\windows\system32\drivers\nvstor32.sys
[2013.04.21 16:34:19 | 000,207,464 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvconrm.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoptb.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoit.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcofr.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoesm.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoes.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcode.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcosv.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoru.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcono.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrconl.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcofi.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoda.dll
[2013.04.21 16:34:19 | 000,017,000 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoenu.dll
[2013.04.21 16:34:19 | 000,017,000 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoeng.dll
[2013.04.21 16:34:19 | 000,015,464 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoko.dll
[2013.04.21 16:34:19 | 000,015,464 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoja.dll
[2013.04.21 16:34:19 | 000,014,952 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcozht.dll
[2013.04.21 16:34:19 | 000,014,952 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcozhc.dll
[2013.04.21 16:33:32 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\avira
[2013.04.21 16:28:10 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\avira
[2013.04.21 16:27:57 | 000,028,520 | ---- | c] (avira gmbh) -- c:\windows\system32\drivers\ssmdrv.sys
[2013.04.21 16:27:56 | 000,135,136 | ---- | c] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avipbb.sys
[2013.04.21 16:27:56 | 000,084,744 | ---- | c] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avgntflt.sys
[2013.04.21 16:27:56 | 000,037,352 | ---- | c] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avkmgr.sys
[2013.04.21 16:27:53 | 000,000,000 | ---d | c] -- c:\programdata\avira
[2013.04.21 16:27:53 | 000,000,000 | ---d | c] -- c:\program files\avira
[2013.04.21 16:18:22 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\malwarebytes
[2013.04.21 16:17:58 | 000,000,000 | ---d | c] -- c:\programdata\malwarebytes
[2013.04.21 16:17:57 | 000,022,856 | ---- | c] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
[2013.04.21 16:17:57 | 000,000,000 | ---d | c] -- c:\program files\malwarebytes' anti-malware
[2013.04.21 16:17:44 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\programs
[2013.04.21 13:39:07 | 000,000,000 | ---d | c] -- c:\system-sicherheit_mj
[2013.04.02 18:43:05 | 000,015,872 | ---- | c] (microsoft corporation) -- c:\windows\system32\drivers\usb8023.sys
[2013.03.13 13:39:51 | 002,382,848 | ---- | c] (microsoft corporation) -- c:\windows\system32\mshtml.tlb
[2013.03.13 13:39:49 | 000,065,024 | ---- | c] (microsoft corporation) -- c:\windows\system32\jsproxy.dll
[2013.03.13 13:39:45 | 000,607,744 | ---- | c] (microsoft corporation) -- c:\windows\system32\msfeeds.dll
[2013.03.13 13:39:45 | 000,176,640 | ---- | c] (microsoft corporation) -- c:\windows\system32\ieui.dll
[2013.03.13 13:39:45 | 000,142,848 | ---- | c] (microsoft corporation) -- c:\windows\system32\ieunatt.exe
[2013.03.13 13:39:44 | 001,800,704 | ---- | c] (microsoft corporation) -- c:\windows\system32\jscript9.dll
[2013.03.13 13:39:44 | 000,231,936 | ---- | c] (microsoft corporation) -- c:\windows\system32\url.dll
[2013.03.13 13:39:43 | 001,427,968 | ---- | c] (microsoft corporation) -- c:\windows\system32\inetcpl.cpl
[2013.02.14 12:32:43 | 002,345,984 | ---- | c] (microsoft corporation) -- c:\windows\system32\win32k.sys
[2013.02.14 12:32:41 | 003,957,608 | ---- | c] (microsoft corporation) -- c:\windows\system32\ntkrnlpa.exe
[2013.02.14 12:32:41 | 003,902,312 | ---- | c] (microsoft corporation) -- c:\windows\system32\ntoskrnl.exe
[2013.02.14 12:32:38 | 000,187,240 | ---- | c] (microsoft corporation) -- c:\windows\system32\drivers\fwpkclnt.sys
[2013.02.14 12:32:33 | 000,271,360 | ---- | c] (microsoft corporation) -- c:\windows\system32\conhost.exe
[2013.02.14 12:32:33 | 000,169,984 | ---- | c] (microsoft corporation) -- c:\windows\system32\winsrv.dll
[2013.02.14 12:32:33 | 000,005,120 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,608 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 12:32:32 | 000,006,144 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 12:32:32 | 000,004,608 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 12:32:32 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 12:32:32 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 12:32:32 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 12:32:32 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.01.18 19:07:25 | 000,000,000 | ---d | c] -- c:\program files\origin games
[2013.01.18 19:07:25 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\origin
[2013.01.18 19:06:45 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\origin
[2013.01.18 19:02:13 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\origin
[2013.01.18 19:02:12 | 000,000,000 | ---d | c] -- c:\programdata\origin
[2013.01.18 19:02:12 | 000,000,000 | ---d | c] -- c:\programdata\electronic arts
[2013.01.18 19:01:51 | 000,000,000 | ---d | c] -- c:\program files\origin
[2013.01.09 13:54:16 | 000,308,736 | ---- | c] (microsoft corporation) -- c:\windows\system32\wpc.dll
[2013.01.09 13:54:16 | 000,046,592 | ---- | c] (microsoft) -- c:\windows\system32\fpb.rs
[2013.01.09 13:54:16 | 000,045,568 | ---- | c] (microsoft) -- c:\windows\system32\oflc-nz.rs
[2013.01.09 13:54:16 | 000,044,544 | ---- | c] (microsoft) -- c:\windows\system32\pegibbfc.rs
[2013.01.09 13:54:16 | 000,043,520 | ---- | c] (microsoft) -- c:\windows\system32\csrr.rs
[2013.01.09 13:54:16 | 000,040,960 | ---- | c] (microsoft) -- c:\windows\system32\cob-au.rs
[2013.01.09 13:54:16 | 000,030,720 | ---- | c] (microsoft) -- c:\windows\system32\usk.rs
[2013.01.09 13:54:16 | 000,021,504 | ---- | c] (microsoft) -- c:\windows\system32\grb.rs
[2013.01.09 13:54:16 | 000,020,480 | ---- | c] (microsoft) -- c:\windows\system32\pegi-pt.rs
[2013.01.09 13:54:16 | 000,020,480 | ---- | c] (microsoft) -- c:\windows\system32\pegi.rs
[2013.01.09 13:54:16 | 000,015,360 | ---- | c] (microsoft) -- c:\windows\system32\djctq.rs
[2013.01.09 13:54:15 | 002,576,384 | ---- | c] (microsoft corporation) -- c:\windows\system32\gameux.dll
[2013.01.09 13:54:14 | 000,055,296 | ---- | c] (microsoft) -- c:\windows\system32\cero.rs
[2013.01.09 13:54:14 | 000,051,712 | ---- | c] (microsoft) -- c:\windows\system32\esrb.rs
[2013.01.09 13:54:14 | 000,023,552 | ---- | c] (microsoft) -- c:\windows\system32\oflc.rs
[2013.01.09 13:54:14 | 000,020,480 | ---- | c] (microsoft) -- c:\windows\system32\pegi-fi.rs
[2013.01.09 13:53:56 | 000,219,136 | ---- | c] (microsoft corporation) -- c:\windows\system32\ncrypt.dll
[2012.12.22 12:34:33 | 000,295,424 | ---- | c] (adobe systems incorporated) -- c:\windows\system32\atmfd.dll
[2012.12.22 12:34:33 | 000,034,304 | ---- | c] (adobe systems) -- c:\windows\system32\atmlib.dll
[2012.12.13 17:36:58 | 000,376,832 | ---- | c] (microsoft corporation) -- c:\windows\system32\dpnet.dll
[2012.12.13 17:36:51 | 000,002,048 | ---- | c] (microsoft corporation) -- c:\windows\system32\tzres.dll
[2012.11.16 17:04:20 | 000,047,720 | ---- | c] (microsoft corporation) -- c:\windows\system32\drivers\wdfldr.sys
[2012.11.16 17:04:20 | 000,009,728 | ---- | c] (microsoft corporation) -- c:\windows\system32\wdfres.dll
[2012.11.16 17:04:03 | 000,613,888 | ---- | c] (microsoft corporation) -- c:\windows\system32\wudfx.dll
[2012.11.16 17:04:03 | 000,172,032 | ---- | c] (microsoft corporation) -- c:\windows\system32\wudfplatform.dll
[2012.11.16 17:04:03 | 000,038,912 | ---- | c] (microsoft corporation) -- c:\windows\system32\wudfcoinstaller.dll
[2012.11.16 16:59:58 | 000,078,336 | ---- | c] (microsoft corporation) -- c:\windows\system32\synceng.dll
[2012.11.08 15:12:24 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\klett - playway 4
[2012.10.24 21:17:32 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\apple computer
[2012.10.24 21:17:32 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\apple computer
[2012.10.24 21:17:25 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\itunes
[2012.10.24 21:17:20 | 000,000,000 | ---d | c] -- c:\windows\system32\drvstore
[2012.10.24 21:16:35 | 000,000,000 | ---d | c] -- c:\program files\ipod
[2012.10.24 21:16:34 | 000,000,000 | ---d | c] -- c:\program files\itunes
[2012.10.24 21:16:34 | 000,000,000 | ---d | c] -- c:\programdata\apple computer
[2012.10.24 21:16:34 | 000,000,000 | ---d | c] -- c:\programdata\188f1432-103a-4ffb-80f1-36b633c5c9e1
[2012.10.24 21:15:52 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\apple
[2012.10.24 21:15:50 | 000,000,000 | ---d | c] -- c:\program files\apple software update
[2012.10.24 21:15:05 | 000,000,000 | ---d | c] -- c:\program files\bonjour
[2012.10.24 21:14:51 | 000,000,000 | ---d | c] -- c:\programdata\apple
[2012.10.24 21:14:51 | 000,000,000 | ---d | c] -- c:\program files\common files\apple
[2012.10.24 18:20:19 | 000,000,000 | ---d | c] -- c:\users\anwender\4.0
[2012.10.24 18:20:19 | 000,000,000 | ---d | c] -- c:\users\anwender\.tfo4
[2012.10.24 18:19:48 | 000,000,000 | ---d | c] -- c:\programdata\sun
[2012.10.24 18:19:47 | 000,000,000 | ---d | c] -- c:\program files\common files\java
[2012.10.24 18:19:27 | 000,472,808 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2012.10.24 18:19:27 | 000,157,472 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2012.10.24 18:19:27 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2012.10.24 18:19:27 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\java.exe
[2012.10.24 18:19:13 | 000,000,000 | ---d | c] -- c:\program files\java
 
========== files - modified within 180 days ==========
 
[2013.04.21 16:45:37 | 000,014,784 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
[2013.04.21 16:45:37 | 000,014,784 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
[2013.04.21 16:28:10 | 000,001,940 | ---- | m] () -- c:\users\public\desktop\avira control center.lnk
[2013.04.21 16:26:49 | 000,001,098 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachinecore.job
[2013.04.21 16:26:40 | 000,067,584 | --s- | m] () -- c:\windows\bootstat.dat
[2013.04.21 16:26:35 | 1559,928,832 | -hs- | m] () -- c:\hiberfil.sys
[2013.04.21 16:17:59 | 000,001,067 | ---- | m] () -- c:\users\public\desktop\ malwarebytes anti-malware .lnk
[2013.04.21 16:14:52 | 000,135,136 | ---- | m] (Avira Operations GmbH & Co. KG) -- c:\windows\system32\drivers\avipbb.sys
[2013.04.21 16:14:52 | 000,084,744 | ---- | m] (Avira Operations GmbH & Co. KG) -- c:\windows\system32\drivers\avgntflt.sys
[2013.04.21 16:14:52 | 000,037,352 | ---- | m] (Avira Operations GmbH & Co. KG) -- c:\windows\system32\drivers\avkmgr.sys
[2013.04.21 16:14:52 | 000,028,520 | ---- | m] (Avira GmbH) -- c:\windows\system32\drivers\ssmdrv.sys
[2013.04.21 12:45:50 | 000,002,129 | ---- | m] () -- c:\users\public\desktop\google chrome.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | m] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
[2013.04.02 17:55:00 | 000,001,102 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachineua.job
[2013.03.14 10:41:40 | 000,654,150 | ---- | m] () -- c:\windows\system32\perfh007.dat
[2013.03.14 10:41:40 | 000,616,032 | ---- | m] () -- c:\windows\system32\perfh009.dat
[2013.03.14 10:41:40 | 000,130,022 | ---- | m] () -- c:\windows\system32\perfc007.dat
[2013.03.14 10:41:40 | 000,106,412 | ---- | m] () -- c:\windows\system32\perfc009.dat
[2013.02.14 13:13:07 | 000,269,712 | ---- | m] () -- c:\windows\system32\fntcache.dat
[2013.02.12 15:51:24 | 000,015,872 | ---- | m] (microsoft corporation) -- c:\windows\system32\drivers\usb8023.sys
[2013.02.02 05:38:35 | 001,800,704 | ---- | m] (microsoft corporation) -- c:\windows\system32\jscript9.dll
[2013.02.02 05:30:32 | 001,427,968 | ---- | m] (microsoft corporation) -- c:\windows\system32\inetcpl.cpl
[2013.02.02 05:29:22 | 000,231,936 | ---- | m] (microsoft corporation) -- c:\windows\system32\url.dll
[2013.02.02 05:27:56 | 000,065,024 | ---- | m] (microsoft corporation) -- c:\windows\system32\jsproxy.dll
[2013.02.02 05:26:47 | 000,142,848 | ---- | m] (microsoft corporation) -- c:\windows\system32\ieunatt.exe
[2013.02.02 05:25:16 | 000,607,744 | ---- | m] (microsoft corporation) -- c:\windows\system32\msfeeds.dll
[2013.02.02 05:23:28 | 002,382,848 | ---- | m] (microsoft corporation) -- c:\windows\system32\mshtml.tlb
[2013.02.02 05:20:00 | 000,176,640 | ---- | m] (microsoft corporation) -- c:\windows\system32\ieui.dll
[2013.01.17 02:28:58 | 000,232,336 | ---- | m] (microsoft corporation) -- c:\windows\system32\mpsigstub.exe
[2013.01.05 07:02:17 | 003,957,608 | ---- | m] (microsoft corporation) -- c:\windows\system32\ntkrnlpa.exe
[2013.01.05 07:02:17 | 003,902,312 | ---- | m] (microsoft corporation) -- c:\windows\system32\ntoskrnl.exe
[2013.01.04 06:55:09 | 000,187,240 | ---- | m] (microsoft corporation) -- c:\windows\system32\drivers\fwpkclnt.sys
[2013.01.04 06:50:40 | 000,169,984 | ---- | m] (microsoft corporation) -- c:\windows\system32\winsrv.dll
[2013.01.04 06:43:54 | 000,004,608 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.04 06:43:52 | 000,005,120 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.01.04 05:00:30 | 002,345,984 | ---- | m] (microsoft corporation) -- c:\windows\system32\win32k.sys
[2013.01.04 04:59:29 | 000,271,360 | ---- | m] (microsoft corporation) -- c:\windows\system32\conhost.exe
[2013.01.04 04:43:35 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.04 04:43:34 | 000,006,144 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.01.04 04:43:34 | 000,004,608 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.04 04:43:34 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.12.16 16:25:27 | 000,295,424 | ---- | m] (adobe systems incorporated) -- c:\windows\system32\atmfd.dll
[2012.12.16 16:25:19 | 000,034,304 | ---- | m] (adobe systems) -- c:\windows\system32\atmlib.dll
[2012.12.07 07:04:20 | 000,308,736 | ---- | m] (microsoft corporation) -- c:\windows\system32\wpc.dll
[2012.12.07 06:57:38 | 002,576,384 | ---- | m] (microsoft corporation) -- c:\windows\system32\gameux.dll
[2012.12.07 05:21:08 | 000,045,568 | ---- | m] (microsoft) -- c:\windows\system32\oflc-nz.rs
[2012.12.07 05:21:08 | 000,044,544 | ---- | m] (microsoft) -- c:\windows\system32\pegibbfc.rs
[2012.12.07 05:21:08 | 000,043,520 | ---- | m] (microsoft) -- c:\windows\system32\csrr.rs
[2012.12.07 05:21:08 | 000,030,720 | ---- | m] (microsoft) -- c:\windows\system32\usk.rs
[2012.12.07 05:21:08 | 000,023,552 | ---- | m] (microsoft) -- c:\windows\system32\oflc.rs
[2012.12.07 05:21:07 | 000,020,480 | ---- | m] (microsoft) -- c:\windows\system32\pegi-pt.rs
[2012.12.07 05:21:06 | 000,020,480 | ---- | m] (microsoft) -- c:\windows\system32\pegi-fi.rs
[2012.12.07 05:21:06 | 000,020,480 | ---- | m] (microsoft) -- c:\windows\system32\pegi.rs
[2012.12.07 05:21:05 | 000,055,296 | ---- | m] (microsoft) -- c:\windows\system32\cero.rs
[2012.12.07 05:21:05 | 000,051,712 | ---- | m] (microsoft) -- c:\windows\system32\esrb.rs
[2012.12.07 05:21:05 | 000,046,592 | ---- | m] (microsoft) -- c:\windows\system32\fpb.rs
[2012.12.07 05:21:05 | 000,021,504 | ---- | m] (microsoft) -- c:\windows\system32\grb.rs
[2012.12.07 05:21:04 | 000,040,960 | ---- | m] (microsoft) -- c:\windows\system32\cob-au.rs
[2012.12.07 05:21:04 | 000,015,360 | ---- | m] (microsoft) -- c:\windows\system32\djctq.rs
[2012.11.20 07:10:07 | 000,219,136 | ---- | m] (microsoft corporation) -- c:\windows\system32\ncrypt.dll
[2012.11.09 06:49:37 | 000,002,048 | ---- | m] (microsoft corporation) -- c:\windows\system32\tzres.dll
[2012.11.08 15:12:25 | 000,002,699 | ---- | m] () -- c:\users\public\desktop\playway 4 cd-rom.lnk
[2012.11.02 06:48:28 | 000,376,832 | ---- | m] (microsoft corporation) -- c:\windows\system32\dpnet.dll
[2012.10.24 21:17:25 | 000,001,753 | ---- | m] () -- c:\users\public\desktop\itunes.lnk
[2012.10.24 18:19:16 | 000,472,808 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2012.10.24 18:19:16 | 000,157,472 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2012.10.24 18:19:16 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2012.10.24 18:19:16 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\java.exe
 
========== files created - no company name ==========
 
[2013.04.21 16:34:46 | 000,010,084 | ---- | c] () -- c:\windows\system32\drivers\nvphy.bin
[2013.04.21 16:28:10 | 000,001,940 | ---- | c] () -- c:\users\public\desktop\avira control center.lnk
[2013.04.21 16:17:59 | 000,001,067 | ---- | c] () -- c:\users\public\desktop\ malwarebytes anti-malware .lnk
[2012.11.16 17:04:21 | 000,000,003 | ---- | c] () -- c:\windows\system32\drivers\msftwdf_kernel_01011_inbox_critical.wdf
[2012.11.16 17:04:03 | 000,000,003 | ---- | c] () -- c:\windows\system32\drivers\msftwdf_user_01_11_00_inbox_critical.wdf
[2012.11.08 15:12:25 | 000,002,699 | ---- | c] () -- c:\users\public\desktop\playway 4 cd-rom.lnk
[2012.10.24 21:17:25 | 000,001,753 | ---- | c] () -- c:\users\public\desktop\itunes.lnk
[2012.10.24 21:15:50 | 000,002,519 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\apple software update.lnk
[2010.05.30 10:56:09 | 000,000,760 | ---- | c] () -- c:\users\anwender\appdata\roaming\setup_ldm.iss
 
========== zeroaccess check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | rhs- | m] () -- c:\windows\assembly\desktop.ini
 
[hkey_current_user\software\classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32]
 
[hkey_current_user\software\classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\inprocserver32]
 
[hkey_local_machine\software\classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32]
"" = %systemroot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | m] (microsoft corporation)
"threadingmodel" = apartment
 
[hkey_local_machine\software\classes\clsid\{5839fca9-774d-42a1-acda-d6a79037f57f}\inprocserver32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | m] (microsoft corporation)
"threadingmodel" = free
 
[hkey_local_machine\software\classes\clsid\{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}\inprocserver32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | m] (microsoft corporation)
"threadingmodel" = both

< end of report >
         
--- --- ---

[/quote]

extras.txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.04.2013 16:44:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anwender\Downloads
Windows 7 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 61,01% Memory free
3,87 Gb Paging File | 2,87 Gb Available in Paging File | 73,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 421,25 Gb Free Space | 90,46% Space Free | Partition Type: NTFS
 
Computer Name: ANWENDER-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
 
========== extra registry (safelist) ==========
 
 
========== file associations ==========
 
[hkey_local_machine\software\classes\<extension>]
.cpl [@ = cplfile] -- c:\windows\system32\control.exe (microsoft corporation)
.hlp [@ = hlpfile] -- c:\windows\winhlp32.exe (microsoft corporation)
 
========== shell spawning ==========
 
[hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %systemroot%\system32\control.exe "%1",%* (microsoft corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %systemroot%\winhlp32.exe %1 (microsoft corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,printhtml "%1"
inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l
scrfile [open] -- "%1" /s
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1
Directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
Directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
Folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %systemroot%\explorer.exe (microsoft corporation)
 
========== security center settings ==========
 
[hkey_local_machine\software\microsoft\security center]
"cval" = 0
 
[hkey_local_machine\software\microsoft\security center\monitoring]
 
[hkey_local_machine\software\microsoft\security center\svc]
"vistasp1" = reg error: Unknown registry data type -- file not found
"antivirusoverride" = 0
"antispywareoverride" = 0
"firewalloverride" = 0
 
========== firewall settings ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"disablenotifications" = 0
"enablefirewall" = 1
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"disablenotifications" = 0
"enablefirewall" = 1
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\publicprofile]
"disablenotifications" = 0
"enablefirewall" = 1
 
========== authorized applications list ==========
 
 
========== vista active open ports exception list ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{15682f4b-9d73-476d-8abd-c3213803c436}" = lport=139 | protocol=6 | dir=in | app=system | 
"{260305e8-70ea-4cd1-be57-637cf9873b28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30663f4d-77e2-4c55-9ce3-536457e90f28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3ed4728f-bcb7-4f6e-9f28-1c6481d0ef00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4a4ac904-8c1f-45a0-a6bb-35578b509c02}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6b723652-a341-4d03-8ff5-80d0ca4a1917}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6e3d0c8d-58eb-4155-ae13-57de214493b9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{70338daa-51e9-4817-8ceb-7299ee835d86}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{721933cc-96ea-4883-82c6-65144ba2beb3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7b5f1dc9-c85e-4451-9435-75d4c32e3812}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9976fa6e-ac61-44d3-a283-699f4b6d27b4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9d521eeb-861b-4d01-948f-c08c15110945}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9f2e9688-9015-4d22-9dc4-c79b5bf6ac74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{af35ff50-4f2d-47e9-9330-ceef1f8d851a}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{b237fd5a-3faa-4589-aeba-b218623daace}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ca880501-ee3e-4028-ad44-b8967caa6f86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ddd125eb-3cae-4174-bca1-b12555a64f47}" = rport=137 | protocol=17 | dir=out | app=system | 
"{e58a8171-8785-4362-96fa-c4b09e45ef35}" = rport=139 | protocol=6 | dir=out | app=system | 
"{e8b95b1b-4486-4059-941e-4db8083286a7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{e9aa2ec5-7380-4a65-8a42-840385013f44}" = lport=137 | protocol=17 | dir=in | app=system | 
"{f538f7e6-f04d-4a19-9a8f-4e8b1d2c8194}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{f59c4cfc-b538-45d0-b16b-fd10c605c449}" = rport=445 | protocol=6 | dir=out | app=system | 
"{fa7896e3-41ee-45bd-a070-fc87b708cbb9}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== vista active application exception list ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{018f1735-e031-45ba-9f52-4d527b50e513}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{0313e384-91cf-4cbc-a8c2-ebb07c6c8523}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{0c1b7e5d-e504-4830-a877-8a6908a562d5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0f3daac2-6a04-4d23-9a0d-1b72b0053b01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{10650589-32a2-4453-9c74-460516361089}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{195dc63b-b99b-43a0-b6b2-bca87f65e0d0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{19f370f8-d451-4781-baf1-f1fa0cb80103}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{1c52ef5a-6375-42fc-b0f7-05f1e47fbe72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{215ba85a-4581-4c39-99a8-4dfaffe321f8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{237695db-b3fb-46f9-b1f2-9367affca8ad}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{25a853a5-9701-4000-9956-4c4bddd4635c}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{29a0fa61-ed5b-4d92-82a7-cfdf9ddfbbc9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{29b6945b-f925-4e1c-bd22-f35f342bf3ab}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{38ccdee7-4464-4116-afd0-d3a10d39b9e3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{444e22c9-da89-4c64-a7c5-e59c327159b7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4ff494fb-12f0-4a05-9173-2d854f160cd1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{575c5c70-41dd-44a4-9a21-2f83b1bc5d18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5fb1b719-a9f2-4e8f-beba-9356753acab4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8d5f8688-dfb1-4bd1-9c95-8216b85f2dd1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97a3ba19-58d1-492d-86a8-b3c6b4784dd0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{99f0dc9b-6f5d-4cf9-82bc-db2dae269518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9b263263-1b10-42e3-94ef-492d6da6e271}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9b7dfaa4-9aa7-4231-b58a-164f0089b34c}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{a01879ca-cb21-4075-add8-199ba49401d2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{a5823e25-76d8-4c13-be55-660977702b98}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{a698630b-7888-4cbc-9b2d-3bc95c447462}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{b849dda3-cb9e-4e88-8148-c05a4e6142a4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{bc95f758-af15-45d5-beec-eed9b421845e}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{d2d2887f-b2c8-4f6e-9c9f-9fa9e38a1e5e}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{d83fd2de-b0b9-4949-915b-eadb6f4a2505}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{de747acc-8933-4953-9818-83d3abce8829}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{de836bac-07cd-4296-9c90-29ce5f687f0a}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{df93638a-7b8a-4643-b060-b28c9c96b7ff}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{e0992697-16ea-418a-83ea-93116ac86919}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{ea2d15f6-0c3c-43b3-8643-27f9b943351f}" = protocol=6 | dir=out | app=system | 
"{ebfbb4bf-01d8-429b-840e-1bc2da993b6d}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{ed782b2a-53db-4584-9269-7753a5089030}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{fd2fc667-5f9d-43d3-be67-1ea3a834c7bc}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"tcp query user{3df6cf64-3fe4-439d-9e2f-b5b2b9ea9030}c:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"udp query user{5e006ce9-981c-4516-949b-b39a9eb1faf9}c:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== hkey_local_machine uninstall list ==========
 
[hkey_local_machine\software\microsoft\windows\currentversion\uninstall]
"{0c826c5b-b131-423a-a229-c71b3caccd6a}" = cddrv_installer
"{0f367ca3-3b2f-43f9-a44a-25a8ee69e45d}" = scan
"{0f6f6876-6334-4977-b5dd-cfc12e193420}" = itunes
"{1199fad5-9546-44f3-81cf-ffdb8040b7bf}_canon_mg5100_series" = canon mg5100 series mp drivers
"{17285384-0749-44af-b75d-2ea74dc58822}" = playway 3
"{175f0111-2968-4935-8f70-33108c6a4de3}" = marketresearch
"{18455581-e099-4ba8-bc6b-f34b2f06600c}" = google toolbar for internet explorer
"{1f1c2dfc-2d24-3e06-bcb8-725134adf989}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.4148
"{21a2f5ee-1dc5-488a-be7e-e526f8c61488}" = devicediscovery
"{2318c2b1-4965-11d4-9b18-009027a5cd4f}" = google toolbar for internet explorer
"{26a24ae4-039d-4ca4-87b4-2f83216029ff}" = java(tm) 6 update 29
"{2eea7aa4-c203-4b90-a34f-19fb7ef1c81c}" = bufferchm
"{3101cb58-3482-4d21-af1a-7057fc935355}" = khalinstallwrapper
"{3a4d5e2d-988d-4ee9-8e7f-3ac200a2b8f5}" = 4500g510nz_software_min
"{3c3901c5-3455-3e0a-a214-0b093a5070a6}" = microsoft .net framework 4 client profile
"{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}" = erlt
"{43cdf946-f5d9-4292-b006-ba0d92013021}" = webreg
"{440b915a-0c85-45db-92ae-75ae14704a64}" = fax
"{4a03706f-666a-4037-7777-5f2748764d10}" = java auto updater
"{4a70ef07-7f88-4434-bb61-d1de8ae93dd4}" = solutioncenter
"{5b05ff91-f20c-4832-a8de-e1912639c17c}" = 4500g510nz
"{5fdd02c7-9a97-43ed-9bc2-892c3a67aa26}" = playway 2
"{612c34c7-5e90-47d8-9b5c-0f717dd82726}" = swmsm
"{63ec2120-1742-4625-aa47-c6a8aec9c64c}" = apple application support
"{63ff21c9-a810-464f-b60a-3111747b1a6d}" = gpbaseservice2
"{67aad4a9-b77c-452b-ae50-9ee8af4bc350}" = playway 4
"{68a10d12-0d0f-4212-bde6-d87fad32a8fa}" = smartwebprinting
"{690879a5-18ef-447b-98d6-b699d51008ab}" = 4500_g510nz_help
"{6b2ffb21-ac88-45c3-9a7d-4bb3e744ec91}" = hpssupply
"{6bba26e9-ab03-4fe7-831a-3535584ca002}" = toolbox
"{7059bda7-e1db-442c-b7a1-6144596720a4}" = hp update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = microsoft visual c++ 2005 redistributable
"{789a5b64-9dd9-4ba5-915a-f0fc0a1b7bfe}" = apple software update
"{79155f2b-9895-49d7-8612-d92580e0de5b}" = bonjour
"{7e0e61cc-1c99-429d-bea7-c4dd5b898d2a}" = hp officejet 4500 g510n-z
"{8f3c31c5-9c3a-4aa8-8efa-71290a7ad533}" = tomtom home visual studio merge modules
"{92127af5-fdd8-4adf-bc40-c356c9ee0b7d}" = 32 bit hp cio components installer
"{92a51949-ee4c-466d-aaf0-99e74a49a63f}" = docmgr
"{9b362566-ec1b-4700-bb9c-ec661bde2175}" = docproc
"{a92dab39-4e2c-4304-9ab6-bc44e68b55e2}" = google update helper
"{ac76ba86-7ad7-1031-7b44-aa1000000001}" = adobe reader x (10.1.4) - deutsch
"{ae8705fb-e13c-40a9-8a2d-68d6733fbfc2}" = status
"{aec0cebc-0fc7-4716-8222-1c4a742719b1}" = samsung master
"{b2455727-ed8f-4643-8a6e-f4ab8de3633d}" = network
"{bd7204ba-dd64-499e-9b55-6a282cdf4fa4}" = destinations
"{c43326f5-f135-4551-8270-7f7aba0462e1}" = hpproductassistant
"{d4ddfaa1-ec37-4529-ad5b-a433ade68662}" = apple mobile device support
"{dc0a5f99-fd66-433f-9d3a-05dcba64be42}" = trayapp
"{f0c3e5d1-1ade-321e-8167-68ef0de699a5}" = microsoft visual c++ 2010  x86 redistributable - 10.0.40219
"{f29b21bd-caa6-445f-8ef7-a7e2b9d8b14e}" = logitech setpoint
"{f750c986-5310-3a5a-95f8-4ec71c8ac01c}" = microsoft .net framework 4 client profile deu language pack
"adobe flash player activex" = adobe flash player 10 activex
"adobe shockwave player" = adobe shockwave player 11.6
"avira antivir desktop" = avira free antivirus
"canon mg5100 series benutzerregistrierung" = canon mg5100 series benutzerregistrierung
"canonmyprinter" = canon my printer
"canonsolutionmenuex" = canon solution menu ex
"die förderpyramide 1" = die förderpyramide 1
"easy-photoprint ex" = canon easy-photoprint ex
"google chrome" = google chrome
"hp document manager" = hp document manager 2.0
"hp imaging device functions" = hp imaging device functions 13.0
"hp smart web printing" = hp smart web printing 4.5
"hp solution center & imaging support tools" = hp solution center 13.0
"hpextendedcapabilities" = hp customer participation program 13.0
"hpocr" = ocr software by i.r.i.s. 13.0
"malwarebytes' anti-malware_is1" = malwarebytes Anti-Malware version 1.75.0.1300
"microsoft .net framework 4 client profile" = microsoft .net framework 4 client profile
"microsoft .net framework 4 client profile deu language pack" = microsoft .net framework 4 client profile deu language pack
"mp navigator ex 4.0" = canon mp navigator ex 4.0
"nvidia drivers" = nvidia drivers
"origin" = origin
"pc-kids deutsch 4_is1" = pc-kids deutsch 4
"pc-kids mathematik 3_is1" = pc-kids mathematik 3
"shop for hp supplies" = shop for hp supplies
"tomtom home" = tomtom home 2.8.4.2596
 
========== last 20 event log errors ==========
 
[ application events ]
error - 18.03.2013 06:01:44 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: Continuously busy for more than a second
 
error - 18.03.2013 06:01:44 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledevent 6193
 
error - 18.03.2013 06:01:44 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledspretry 6193
 
error - 18.03.2013 06:01:45 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: Continuously busy for more than a second
 
error - 18.03.2013 06:01:45 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledevent 7207
 
error - 18.03.2013 06:01:45 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledspretry 7207
 
error - 18.03.2013 06:01:46 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: Continuously busy for more than a second
 
error - 18.03.2013 06:01:46 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledevent 8206
 
error - 18.03.2013 06:01:46 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledspretry 8206
 
error - 21.04.2013 11:05:03 | computer name = anwender-pc | source = application error | id = 1000
description = faulting application name: Origin.exe, version: 9.1.15.109, timestamp: 0x514b5484  faulting module name: Originclient.dll, version: 9.1.15.109, timestamp: 0x514b5468  exception code: 0xc0000005  fault offset: 0x00298b9d  faulting process id: 0x8fc  faulting application start time: 0x01ce3ea18f05e4e0  faulting application path: C:\program files\origin\origin.exe  faulting module path: C:\program files\origin\originclient.dll  report id: D7764bc0-aa94-11e2-8cfc-00241da4cf5c
 
[ system events ]
error - 21.04.2013 11:07:02 | computer name = anwender-pc | source = service control manager | id = 7003
description = the "Sicherheitscenter" (Security Center) service depends on the following service: Winmgmt. This service might not be installed.
 
error - 21.04.2013 11:08:11 | computer name = anwender-pc | source = service control manager | id = 7003
description = the "IP-Hilfsdienst" (IP Helper) service depends on the following service: Winmgmt. This service might not be installed.
 
error - 21.04.2013 11:10:27 | computer name = anwender-pc | source = service control manager | id = 7003
description = the "Sicherheitscenter" (Security Center) service depends on the following service: Winmgmt. This service might not be installed.
 
error - 21.04.2013 11:06:15 | computer name = anwender-pc | source = eventlog | id = 6008
description = the previous system shutdown at 15:53:59 on 21.04.2013 was unexpected.
 
error - 21.04.2013 11:06:21 | computer name = anwender-pc | source = service control manager | id = 7003
description = the "IP-Hilfsdienst" (IP Helper) service depends on the following service: Winmgmt. This service might not be installed.
 
error - 21.04.2013 11:08:36 | computer name = anwender-pc | source = service control manager | id = 7003
description = the "Sicherheitscenter" (Security Center) service depends on the following service: Winmgmt. This service might not be installed.
 
error - 21.04.2013 10:12:29 | computer name = anwender-pc | source = service control manager | id = 7003
description = the "IP-Hilfsdienst" (IP Helper) service depends on the following service: Winmgmt. This service might not be installed.
 
error - 21.04.2013 10:14:42 | computer name = anwender-pc | source = service control manager | id = 7003
description = the "Sicherheitscenter" (Security Center) service depends on the following service: Winmgmt. This service might not be installed.
 
error - 21.04.2013 10:26:49 | computer name = anwender-pc | source = service control manager | id = 7003
description = the "IP-Hilfsdienst" (IP Helper) service depends on the following service: Winmgmt. This service might not be installed.
 
error - 21.04.2013 10:28:51 | computer name = anwender-pc | source = service control manager | id = 7003
description = the "Sicherheitscenter" (Security Center) service depends on the following service: Winmgmt. This service might not be installed.
 
 
< end of report >
         
--- --- ---
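
Before an OTL fix script is written for a locker like this, a reviewer first checks the persistence locations in the log: the O4 Run entries, the O20 Winlogon Shell and Userinit values, the O17 DHCP name servers and the O35/O37 exe/com handlers. The following Python script is an added example, not part of this thread, of OTL, or of the helper's procedure: it parses lines in the OTL format and flags deviations from known-good values. The sample input is constructed; the clean lines are modelled on entries from the OTL.txt posted later in this thread, while the AppData entry `example-autostart.exe` is invented so that a hit is visible. The regular expressions, the known-good Winlogon values and the "user-writable path" heuristic are the example's own assumptions, and a flagged entry is a lead to verify, not proof of infection (an external name server, for instance, may simply be the ISP's resolver).

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample input: clean entries modelled on the OTL output format used in this
# thread, plus one invented O4 entry (AppData path, empty company name) so a finding fires.
SAMPLE_LOG = r"""
o4 - hklm..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe (avira operations gmbh & co. kg)
o4 - hku\s-1-5-21-517919386-2500931453-121362134-1000..\run: [eadm] c:\program files\origin\origin.exe (electronic arts)
o4 - hku\s-1-5-21-517919386-2500931453-121362134-1000..\run: [example] c:\users\anwender\appdata\roaming\example-autostart.exe ()
o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 80.69.103.78 192.168.0.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{383b7c90-76db-45e0-89f5-6d048e2e3b91}: Dhcpnameserver = 192.168.178.1
o20 - hklm winlogon: Shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20 - hklm winlogon: Userinit - (c:\windows\system32\userinit.exe) - c:\windows\system32\userinit.exe (microsoft corporation)
o35 - hklm\..exefile [open] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*
"""

# Known-good Winlogon values (assumption of this example; compared case-insensitively,
# with the trailing comma OTL sometimes shows on Userinit stripped).
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}
# Expected default handler for .exe/.com (O35/O37 sections).
EXPECTED_HANDLER = '"%1" %*'
# Heuristic: autostart entries in these locations deserve a look (assumption of this example).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# Line patterns for the OTL sections of interest; all matching is done on a lowercased copy.
O4_RE = re.compile(r"^o4 - (?P<hive>.+?)\.\.\\(?P<key>run(?:once)?): \[(?P<name>[^\]]*)\] (?P<path>.+) \((?P<company>[^()]*)\)$")
O20_RE = re.compile(r"^o20 - hklm winlogon: (?P<value>\w+) - \((?P<raw>[^)]*)\) - (?P<path>.+) \((?P<company>[^()]*)\)$")
O17_RE = re.compile(r"^o17 - .*dhcpnameserver = (?P<servers>.+)$")
ASSOC_RE = re.compile(r"^o3(?P<n>[57]) - .*-- (?P<cmd>.+)$")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious O4/O20/O17/O35/O37 line, in log order."""
    findings: List[Dict[str, str]] = []

    def flag(section: str, reason: str, line: str) -> None:
        findings.append({"section": section, "reason": reason, "line": line})

    for raw_line in log_text.splitlines():
        line = raw_line.strip()
        low = line.lower()
        if not low:
            continue
        m = O4_RE.match(low)
        if m:
            # Unsigned/no-company binaries and user-writable paths are the classic locker hideouts.
            if not m.group("company").strip():
                flag("O4", "no company name", line)
            if any(marker in m.group("path") for marker in USER_WRITABLE_MARKERS):
                flag("O4", "user-writable path", line)
            continue
        m = O20_RE.match(low)
        if m:
            expected = EXPECTED_WINLOGON.get(m.group("value"))
            if expected is not None:
                actual = m.group("raw").strip().rstrip(",")
                if actual != expected:
                    flag("O20", f"{m.group('value')} is {actual!r}, expected {expected!r}", line)
            continue
        m = O17_RE.match(low)
        if m:
            # A name server outside RFC 1918 space is worth confirming against the router/ISP.
            for server in m.group("servers").split():
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    flag("O17", f"unparseable name server {server}", line)
                    continue
                if not addr.is_private:
                    flag("O17", f"non-private name server {server}", line)
            continue
        m = ASSOC_RE.match(low)
        if m and m.group("cmd") != EXPECTED_HANDLER:
            flag("O3" + m.group("n"), f"handler is {m.group('cmd')!r}, expected {EXPECTED_HANDLER!r}", line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}: {f['line']}")
```

Run as-is it reports the invented AppData entry twice (no company name, user-writable path) and the non-private name server 80.69.103.78 once; pass the full contents of an OTL.txt to `triage()` to review a real log. On the OTL.txt posted later in this thread only the O17 lines carrying 80.69.103.78 would be reported, since every O4 entry there has a company name and a Program Files or Windows path, the Winlogon Shell and Userinit values are the defaults, and the exe/com handlers are intact.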

21.04.2013, 15:55   #8
mnjakob

GVU Ihr Computer ist gesperrt Trojane Windows 7

Otl.txt:
OTL Logfile:
Code:
ATTFilter
otl logfile created on: 21.04.2013 16:44:25 - run 1
otl by oldtimer - version 3.2.69.0     folder = c:\users\anwender\downloads
Windows 7 Home Premium Edition  (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 9.0.8112.16421)
locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy
 
1,94 gb total physical memory | 1,18 gb available physical memory | 61,01% memory free
3,87 gb paging file | 2,87 gb available in paging file | 73,98% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
 
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 465,66 gb total space | 421,25 gb free space | 90,46% space free | partition type: Ntfs
 
computer name: Anwender-pc | user name: Anwender | logged in as administrator.
Boot mode: Normal | scan mode: All users
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 180 days
 
========== processes (safelist) ==========
 
prc - [2013.04.21 16:43:20 | 000,602,112 | ---- | m] (oldtimer tools) -- c:\users\anwender\downloads\otl.exe
prc - [2013.04.21 16:14:23 | 000,086,752 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\sched.exe
prc - [2013.04.21 16:13:47 | 000,079,584 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\avshadow.exe
prc - [2013.04.21 16:13:41 | 000,110,816 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\avguard.exe
prc - [2013.04.21 16:13:40 | 000,345,312 | ---- | m] (avira operations gmbh & co. Kg) -- c:\programme\avira\antivir desktop\avgnt.exe
prc - [2013.02.02 06:19:04 | 000,757,296 | ---- | m] (microsoft corporation) -- c:\programme\internet explorer\iexplore.exe
prc - [2013.01.15 17:48:47 | 000,308,368 | ---- | m] (google inc.) -- c:\programme\google\google toolbar\googletoolbaruser_32.exe
prc - [2012.07.27 22:51:26 | 000,063,960 | ---- | m] (adobe systems incorporated) -- c:\programme\common files\adobe\arm\1.0\armsvc.exe
prc - [2012.04.20 07:59:04 | 000,092,592 | ---- | m] (tomtom) -- c:\programme\tomtom home 2\tomtomhomeservice.exe
prc - [2012.04.20 07:59:02 | 000,247,728 | ---- | m] (tomtom) -- c:\programme\tomtom home 2\tomtomhomerunner.exe
prc - [2011.02.26 07:33:07 | 002,614,784 | ---- | m] (microsoft corporation) -- c:\windows\explorer.exe
prc - [2010.04.02 11:18:54 | 001,185,112 | ---- | m] (canon inc.) -- c:\programme\canon\solution menu ex\cnsemain.exe
prc - [2010.03.25 04:50:00 | 002,516,296 | ---- | m] (canon inc.) -- c:\programme\canon\myprinter\bjmyprt.exe
prc - [2009.07.14 03:14:47 | 001,121,280 | ---- | m] (microsoft corporation) -- c:\programme\windows media player\wmpnetwk.exe
prc - [2009.07.14 03:14:42 | 000,049,152 | ---- | m] (microsoft corporation) -- c:\windows\system32\taskhost.exe
prc - [2008.05.02 02:44:08 | 000,805,392 | ---- | m] (logitech, inc.) -- c:\programme\logitech\setpoint\setpoint.exe
prc - [2008.05.02 02:40:56 | 000,076,304 | ---- | m] (logitech, inc.) -- c:\programme\common files\logishrd\khal2\khalmnpr.exe
prc - [2007.12.20 15:19:46 | 000,293,168 | ---- | m] (avm berlin) -- c:\programme\avmwlanstick\fritzwlanmini.exe
 
 
========== modules (no company name) ==========
 
mod - [2012.08.27 21:33:32 | 000,087,912 | ---- | m] () -- c:\programme\common files\apple\apple application support\zlib1.dll
mod - [2012.08.27 21:33:08 | 001,242,512 | ---- | m] () -- c:\programme\common files\apple\apple application support\libxml2.dll
 
 
========== services (safelist) ==========
 
srv - [2013.04.21 16:14:23 | 000,086,752 | ---- | m] (avira operations gmbh & co. Kg) [auto | running] -- c:\programme\avira\antivir desktop\sched.exe -- (antivirschedulerservice)
srv - [2013.04.21 16:13:41 | 000,110,816 | ---- | m] (avira operations gmbh & co. Kg) [auto | running] -- c:\programme\avira\antivir desktop\avguard.exe -- (antivirservice)
srv - [2012.07.27 22:51:26 | 000,063,960 | ---- | m] (adobe systems incorporated) [auto | running] -- c:\programme\common files\adobe\arm\1.0\armsvc.exe -- (adobearmservice)
srv - [2012.04.20 07:59:04 | 000,092,592 | ---- | m] (tomtom) [auto | running] -- c:\programme\tomtom home 2\tomtomhomeservice.exe -- (tomtomhomeservice)
srv - [2009.07.14 03:16:13 | 000,025,088 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\sensrsvc.dll -- (sensrsvc)
srv - [2009.07.14 03:15:41 | 000,680,960 | ---- | m] (microsoft corporation) [auto | running] -- c:\programme\windows defender\mpsvc.dll -- (windefend)
srv - [2009.07.14 03:14:47 | 001,121,280 | ---- | m] (microsoft corporation) [auto | running] -- c:\programme\windows media player\wmpnetwk.exe -- (wmpnetworksvc)
srv - [2008.05.02 02:42:06 | 000,121,360 | ---- | m] (logitech, inc.) [on_demand | stopped] -- c:\programme\common files\logishrd\bluetooth\lbtserv.exe -- (lbtserv)
 
 
========== driver services (safelist) ==========
 
drv - [2013.04.21 16:14:52 | 000,135,136 | ---- | m] (avira operations gmbh & co. Kg) [kernel | system | running] -- c:\windows\system32\drivers\avipbb.sys -- (avipbb)
drv - [2013.04.21 16:14:52 | 000,084,744 | ---- | m] (avira operations gmbh & co. Kg) [file_system | auto | running] -- c:\windows\system32\drivers\avgntflt.sys -- (avgntflt)
drv - [2013.04.21 16:14:52 | 000,037,352 | ---- | m] (avira operations gmbh & co. Kg) [kernel | system | running] -- c:\windows\system32\drivers\avkmgr.sys -- (avkmgr)
drv - [2013.04.21 16:14:52 | 000,028,520 | ---- | m] (avira gmbh) [kernel | system | stopped] -- c:\windows\system32\drivers\ssmdrv.sys -- (ssmdrv)
drv - [2010.04.08 20:32:36 | 000,215,656 | ---- | m] (nvidia corporation) [kernel | boot | stopped] -- c:\windows\system32\drivers\nvstor32.sys -- (nvstor32)
drv - [2010.03.04 12:26:56 | 000,296,936 | ---- | m] (nvidia corporation) [kernel | on_demand | running] -- c:\windows\system32\drivers\nvmf6232.sys -- (nvnet)
drv - [2009.07.14 01:51:11 | 000,034,944 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\winusb.sys -- (winusb)
drv - [2009.07.14 00:02:52 | 000,347,264 | ---- | m] (nvidia corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nvm62x32.sys -- (nvenetfd)
drv - [2009.06.10 23:19:48 | 009,853,248 | ---- | m] (nvidia corporation) [kernel | on_demand | running] -- c:\windows\system32\drivers\nvlddmkm.sys -- (nvlddmkm)
drv - [2008.02.29 03:13:24 | 000,036,880 | ---- | m] (logitech, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\lmoufilt.sys -- (lmoufilt)
drv - [2008.02.29 03:13:16 | 000,035,344 | ---- | m] (logitech, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\lhidfilt.sys -- (lhidfilt)
drv - [2007.12.19 02:00:00 | 000,401,920 | ---- | m] (avm gmbh) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\fwlanusbn.sys -- (fwlanusbn)
drv - [2007.11.07 03:00:00 | 000,004,352 | ---- | m] (avm berlin) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\avmeject.sys -- (avmeject)
 
 
========== standard registry (safelist) ==========
 
 
========== internet explorer ==========
 
ie - hklm\..\searchscopes,defaultscope = 
ie - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie - hklm\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7
 
 
ie - hku\.default\..\searchscopes,defaultscope = 
ie - hku\.default\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
 
ie - hku\s-1-5-18\..\searchscopes,defaultscope = 
ie - hku\s-1-5-18\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
 
ie - hku\s-1-5-19\..\searchscopes,defaultscope = 
 
ie - hku\s-1-5-20\..\searchscopes,defaultscope = 
 
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page = Google
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page redirect cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page redirect cache acceptlangs = de
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\internet explorer\main,start page redirect cache_timestamp = 60 d8 68 f2 f1 6c ca 01  [binary data]
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\urlsearchhook:  - no clsid value found
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\searchscopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&src=ie-searchbox&form=ie8src
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-21-517919386-2500931453-121362134-1000\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = fritz.box;192.168.178.1;192.168.178.254;169.254.1.1;*.local
 
 
========== firefox ==========
 
ff - hklm\software\mozillaplugins\@adobe.com/shockwaveplayer: C:\windows\system32\adobe\director\np32dsw.dll (adobe systems, inc.)
ff - hklm\software\mozillaplugins\@apple.com/itunes,version=:  File not found
ff - hklm\software\mozillaplugins\@apple.com/itunes,version=1.0: C:\program files\itunes\mozilla plugins\npitunes.dll ()
ff - hklm\software\mozillaplugins\@canon.com/eppex: C:\program files\canon\easy-photoprint ex\npezffpi.dll (canon inc.)
ff - hklm\software\mozillaplugins\@java.com/javaplugin: C:\program files\java\jre6\bin\new_plugin\npjp2.dll (sun microsystems, inc.)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=3: C:\program files\google\update\1.3.21.135\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=9: C:\program files\google\update\1.3.21.135\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\adobe reader: C:\program files\adobe\reader 10.0\reader\air\nppdf32.dll (adobe systems inc.)
 
ff - hkey_local_machine\software\mozilla\firefox\extensions\\smartwebprinting@hp.com: C:\program files\hp\digital imaging\smart web printing\mozillaaddon3 [2010.12.13 21:28:44 | 000,000,000 | ---d | m]
ff - hkey_current_user\software\mozilla\firefox\extensions\\smartwebprinting@hp.com: C:\program files\hp\digital imaging\smart web printing\mozillaaddon3 [2010.12.13 21:28:44 | 000,000,000 | ---d | m]
 
[2012.06.06 18:08:23 | 000,000,000 | ---d | m] (no name found) -- c:\users\anwender\appdata\roaming\mozilla\extensions
[2012.06.06 18:08:23 | 000,000,000 | ---d | m] (no name found) -- c:\users\anwender\appdata\roaming\mozilla\extensions\home2@tomtom.com
 
========== chrome  ==========
 
chr - default_search_provider: Google (enabled)
chr - default_search_provider: Search_url = {google:baseurl}search?q={searchterms}&{google:rlz}{google:acceptedsuggestion}{google:originalqueryforsuggestion}{google:searchfieldtrialparameter}sourceid=chrome&ie={inputencoding}
chr - default_search_provider: Suggest_url = {google:basesuggesturl}search?{google:searchfieldtrialparameter}client=chrome&hl={language}&q={searchterms}
chr - homepage: Google
 
o1 hosts file: ([2009.06.10 23:39:37 | 000,000,824 | ---- | m]) - c:\windows\system32\drivers\etc\hosts
o4 - hklm..\run: [apsdaemon] c:\program files\common files\apple\apple application support\apsdaemon.exe (apple inc.)
o4 - hklm..\run: [avgnt] c:\program files\avira\antivir desktop\avgnt.exe (avira operations gmbh & co. Kg)
o4 - hklm..\run: [avmwlanclient] c:\programme\avmwlanstick\fritzwlanmini.exe (avm berlin)
o4 - hklm..\run: [canonmyprinter] c:\program files\canon\myprinter\bjmyprt.exe (canon inc.)
o4 - hklm..\run: [canonsolutionmenuex] c:\program files\canon\solution menu ex\cnsemain.exe (canon inc.)
o4 - hklm..\run: [kernel and hardware abstraction layer] c:\windows\khalmnpr.exe (logitech, inc.)
o4 - hku\s-1-5-21-517919386-2500931453-121362134-1000..\run: [eadm] c:\program files\origin\origin.exe (electronic arts)
o4 - hku\s-1-5-21-517919386-2500931453-121362134-1000..\run: [tomtomhome.exe] c:\program files\tomtom home 2\tomtomhomerunner.exe (tomtom)
o4 - hku\s-1-5-19..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o4 - hku\s-1-5-20..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioradmin = 5
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioruser = 3
o10 - namespace_catalog5\catalog_entries\000000000007 [] - c:\programme\bonjour\mdnsnsp.dll (apple inc.)
o13 - gopher prefix: Missing
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted domains: Fritz.box ([]* in local intranet)
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted ranges: Range1 ([*] in local intranet)
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted ranges: Range2 ([*] in local intranet)
o15 - hku\s-1-5-21-517919386-2500931453-121362134-1000\..trusted ranges: Range3 ([*] in local intranet)
o16 - dpf: {166b1bca-3f9c-11cf-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (shockwave activex control)
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u29-windows-i586.cab (java plug-in 1.6.0_29)
o16 - dpf: {cafeefac-0016-0000-0029-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (java plug-in 1.6.0_29)
o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (java plug-in 1.6.0_29)
o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 80.69.103.78 192.168.0.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{383b7c90-76db-45e0-89f5-6d048e2e3b91}: Dhcpnameserver = 192.168.178.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{47abd2cd-0c9e-4f84-b0a6-ce1599779cc8}: Dhcpnameserver = 80.69.103.78 192.168.0.1
o20 - hklm winlogon: Shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20 - hklm winlogon: Userinit - (c:\windows\system32\userinit.exe) - c:\windows\system32\userinit.exe (microsoft corporation)
o20 - hklm winlogon: Vmapplet - (systempropertiesperformance.exe) - c:\windows\system32\systempropertiesperformance.exe (microsoft corporation)
o20 - winlogon\notify\lbtwlgn: Dllname - (c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll) - c:\programme\common files\logishrd\bluetooth\lbtwlgn.dll (logitech, inc.)
o21 - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
O32 - hklm cdrom: Autorun - 1
o32 - autorun file - [2009.06.10 23:42:20 | 000,000,024 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
o33 - mountpoints2\{126eb3c7-d91f-11de-92f8-806e6f6e6963}\shell - "" = autorun
o33 - mountpoints2\{126eb3c7-d91f-11de-92f8-806e6f6e6963}\shell\autorun\command - "" = d:\reatogomenu.exe
o33 - mountpoints2\{ef3020fc-db46-11de-83b1-00241da4cf5c}\shell - "" = autorun
o33 - mountpoints2\{ef3020fc-db46-11de-83b1-00241da4cf5c}\shell\autorun\command - "" = e:\pushinst.exe
o34 - hklm bootexecute: (autocheck autochk *)
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*
o38 - subsystems\\windows: (serverdll=winsrv:userserverdllinitialization,3)
o38 - subsystems\\windows: (serverdll=winsrv:conserverdllinitialization,2)
o38 - subsystems\\windows: (serverdll=sxssrv,4)
 
========== files/folders - created within 180 days ==========
 
[2013.04.21 21:14:43 | 002,237,440 | r--- | c] (oldtimer tools) -- c:\otlpe.exe
[2013.04.21 21:14:43 | 000,000,000 | ---d | c] -- c:\_otl
[2013.04.21 16:34:46 | 000,758,784 | ---- | c] (nvidia corporation) -- c:\windows\system32\cohelper.dll
[2013.04.21 16:34:45 | 000,000,000 | ---d | c] -- c:\program files\nvidia corporation
[2013.04.21 16:34:19 | 000,953,856 | ---- | c] (nvidia corporation) -- c:\windows\system32\fdco2.dll
[2013.04.21 16:34:19 | 000,372,840 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvraiins.dll
[2013.04.21 16:34:19 | 000,372,840 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvraidco.dll
[2013.04.21 16:34:19 | 000,296,936 | ---- | c] (nvidia corporation) -- c:\windows\system32\drivers\nvmf6232.sys
[2013.04.21 16:34:19 | 000,215,656 | ---- | c] (nvidia corporation) -- c:\windows\system32\drivers\nvstor32.sys
[2013.04.21 16:34:19 | 000,207,464 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvconrm.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoptb.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoit.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcofr.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoesm.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoes.dll
[2013.04.21 16:34:19 | 000,018,024 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcode.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcosv.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoru.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcono.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrconl.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcofi.dll
[2013.04.21 16:34:19 | 000,017,512 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoda.dll
[2013.04.21 16:34:19 | 000,017,000 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoenu.dll
[2013.04.21 16:34:19 | 000,017,000 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoeng.dll
[2013.04.21 16:34:19 | 000,015,464 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoko.dll
[2013.04.21 16:34:19 | 000,015,464 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcoja.dll
[2013.04.21 16:34:19 | 000,014,952 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcozht.dll
[2013.04.21 16:34:19 | 000,014,952 | ---- | c] (nvidia corporation) -- c:\windows\system32\nvrcozhc.dll
[2013.04.21 16:33:32 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\avira
[2013.04.21 16:28:10 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\avira
[2013.04.21 16:27:57 | 000,028,520 | ---- | c] (avira gmbh) -- c:\windows\system32\drivers\ssmdrv.sys
[2013.04.21 16:27:56 | 000,135,136 | ---- | c] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avipbb.sys
[2013.04.21 16:27:56 | 000,084,744 | ---- | c] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avgntflt.sys
[2013.04.21 16:27:56 | 000,037,352 | ---- | c] (avira operations gmbh & co. Kg) -- c:\windows\system32\drivers\avkmgr.sys
[2013.04.21 16:27:53 | 000,000,000 | ---d | c] -- c:\programdata\avira
[2013.04.21 16:27:53 | 000,000,000 | ---d | c] -- c:\program files\avira
[2013.04.21 16:18:22 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\malwarebytes
[2013.04.21 16:17:58 | 000,000,000 | ---d | c] -- c:\programdata\malwarebytes
[2013.04.21 16:17:57 | 000,022,856 | ---- | c] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
[2013.04.21 16:17:57 | 000,000,000 | ---d | c] -- c:\program files\malwarebytes' anti-malware
[2013.04.21 16:17:44 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\programs
[2013.04.21 13:39:07 | 000,000,000 | ---d | c] -- c:\system-sicherheit_mj
[2013.04.02 18:43:05 | 000,015,872 | ---- | c] (microsoft corporation) -- c:\windows\system32\drivers\usb8023.sys
[2013.03.13 13:39:51 | 002,382,848 | ---- | c] (microsoft corporation) -- c:\windows\system32\mshtml.tlb
[2013.03.13 13:39:49 | 000,065,024 | ---- | c] (microsoft corporation) -- c:\windows\system32\jsproxy.dll
[2013.03.13 13:39:45 | 000,607,744 | ---- | c] (microsoft corporation) -- c:\windows\system32\msfeeds.dll
[2013.03.13 13:39:45 | 000,176,640 | ---- | c] (microsoft corporation) -- c:\windows\system32\ieui.dll
[2013.03.13 13:39:45 | 000,142,848 | ---- | c] (microsoft corporation) -- c:\windows\system32\ieunatt.exe
[2013.03.13 13:39:44 | 001,800,704 | ---- | c] (microsoft corporation) -- c:\windows\system32\jscript9.dll
[2013.03.13 13:39:44 | 000,231,936 | ---- | c] (microsoft corporation) -- c:\windows\system32\url.dll
[2013.03.13 13:39:43 | 001,427,968 | ---- | c] (microsoft corporation) -- c:\windows\system32\inetcpl.cpl
[2013.02.14 12:32:43 | 002,345,984 | ---- | c] (microsoft corporation) -- c:\windows\system32\win32k.sys
[2013.02.14 12:32:41 | 003,957,608 | ---- | c] (microsoft corporation) -- c:\windows\system32\ntkrnlpa.exe
[2013.02.14 12:32:41 | 003,902,312 | ---- | c] (microsoft corporation) -- c:\windows\system32\ntoskrnl.exe
[2013.02.14 12:32:38 | 000,187,240 | ---- | c] (microsoft corporation) -- c:\windows\system32\drivers\fwpkclnt.sys
[2013.02.14 12:32:33 | 000,271,360 | ---- | c] (microsoft corporation) -- c:\windows\system32\conhost.exe
[2013.02.14 12:32:33 | 000,169,984 | ---- | c] (microsoft corporation) -- c:\windows\system32\winsrv.dll
[2013.02.14 12:32:33 | 000,005,120 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,608 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.02.14 12:32:33 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.02.14 12:32:33 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.14 12:32:32 | 000,006,144 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.02.14 12:32:32 | 000,004,608 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.14 12:32:32 | 000,004,096 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.02.14 12:32:32 | 000,003,584 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.14 12:32:32 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
[2013.02.14 12:32:32 | 000,003,072 | -h-- | c] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.01.18 19:07:25 | 000,000,000 | ---d | c] -- c:\program files\origin games
[2013.01.18 19:07:25 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\origin
[2013.01.18 19:06:45 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\origin
[2013.01.18 19:02:13 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\origin
[2013.01.18 19:02:12 | 000,000,000 | ---d | c] -- c:\programdata\origin
[2013.01.18 19:02:12 | 000,000,000 | ---d | c] -- c:\programdata\electronic arts
[2013.01.18 19:01:51 | 000,000,000 | ---d | c] -- c:\program files\origin
[2013.01.09 13:54:16 | 000,308,736 | ---- | c] (microsoft corporation) -- c:\windows\system32\wpc.dll
[2013.01.09 13:54:16 | 000,046,592 | ---- | c] (microsoft) -- c:\windows\system32\fpb.rs
[2013.01.09 13:54:16 | 000,045,568 | ---- | c] (microsoft) -- c:\windows\system32\oflc-nz.rs
[2013.01.09 13:54:16 | 000,044,544 | ---- | c] (microsoft) -- c:\windows\system32\pegibbfc.rs
[2013.01.09 13:54:16 | 000,043,520 | ---- | c] (microsoft) -- c:\windows\system32\csrr.rs
[2013.01.09 13:54:16 | 000,040,960 | ---- | c] (microsoft) -- c:\windows\system32\cob-au.rs
[2013.01.09 13:54:16 | 000,030,720 | ---- | c] (microsoft) -- c:\windows\system32\usk.rs
[2013.01.09 13:54:16 | 000,021,504 | ---- | c] (microsoft) -- c:\windows\system32\grb.rs
[2013.01.09 13:54:16 | 000,020,480 | ---- | c] (microsoft) -- c:\windows\system32\pegi-pt.rs
[2013.01.09 13:54:16 | 000,020,480 | ---- | c] (microsoft) -- c:\windows\system32\pegi.rs
[2013.01.09 13:54:16 | 000,015,360 | ---- | c] (microsoft) -- c:\windows\system32\djctq.rs
[2013.01.09 13:54:15 | 002,576,384 | ---- | c] (microsoft corporation) -- c:\windows\system32\gameux.dll
[2013.01.09 13:54:14 | 000,055,296 | ---- | c] (microsoft) -- c:\windows\system32\cero.rs
[2013.01.09 13:54:14 | 000,051,712 | ---- | c] (microsoft) -- c:\windows\system32\esrb.rs
[2013.01.09 13:54:14 | 000,023,552 | ---- | c] (microsoft) -- c:\windows\system32\oflc.rs
[2013.01.09 13:54:14 | 000,020,480 | ---- | c] (microsoft) -- c:\windows\system32\pegi-fi.rs
[2013.01.09 13:53:56 | 000,219,136 | ---- | c] (microsoft corporation) -- c:\windows\system32\ncrypt.dll
[2012.12.22 12:34:33 | 000,295,424 | ---- | c] (adobe systems incorporated) -- c:\windows\system32\atmfd.dll
[2012.12.22 12:34:33 | 000,034,304 | ---- | c] (adobe systems) -- c:\windows\system32\atmlib.dll
[2012.12.13 17:36:58 | 000,376,832 | ---- | c] (microsoft corporation) -- c:\windows\system32\dpnet.dll
[2012.12.13 17:36:51 | 000,002,048 | ---- | c] (microsoft corporation) -- c:\windows\system32\tzres.dll
[2012.11.16 17:04:20 | 000,047,720 | ---- | c] (microsoft corporation) -- c:\windows\system32\drivers\wdfldr.sys
[2012.11.16 17:04:20 | 000,009,728 | ---- | c] (microsoft corporation) -- c:\windows\system32\wdfres.dll
[2012.11.16 17:04:03 | 000,613,888 | ---- | c] (microsoft corporation) -- c:\windows\system32\wudfx.dll
[2012.11.16 17:04:03 | 000,172,032 | ---- | c] (microsoft corporation) -- c:\windows\system32\wudfplatform.dll
[2012.11.16 17:04:03 | 000,038,912 | ---- | c] (microsoft corporation) -- c:\windows\system32\wudfcoinstaller.dll
[2012.11.16 16:59:58 | 000,078,336 | ---- | c] (microsoft corporation) -- c:\windows\system32\synceng.dll
[2012.11.08 15:12:24 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\klett - playway 4
[2012.10.24 21:17:32 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\roaming\apple computer
[2012.10.24 21:17:32 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\apple computer
[2012.10.24 21:17:25 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\itunes
[2012.10.24 21:17:20 | 000,000,000 | ---d | c] -- c:\windows\system32\drvstore
[2012.10.24 21:16:35 | 000,000,000 | ---d | c] -- c:\program files\ipod
[2012.10.24 21:16:34 | 000,000,000 | ---d | c] -- c:\program files\itunes
[2012.10.24 21:16:34 | 000,000,000 | ---d | c] -- c:\programdata\apple computer
[2012.10.24 21:16:34 | 000,000,000 | ---d | c] -- c:\programdata\188f1432-103a-4ffb-80f1-36b633c5c9e1
[2012.10.24 21:15:52 | 000,000,000 | ---d | c] -- c:\users\anwender\appdata\local\apple
[2012.10.24 21:15:50 | 000,000,000 | ---d | c] -- c:\program files\apple software update
[2012.10.24 21:15:05 | 000,000,000 | ---d | c] -- c:\program files\bonjour
[2012.10.24 21:14:51 | 000,000,000 | ---d | c] -- c:\programdata\apple
[2012.10.24 21:14:51 | 000,000,000 | ---d | c] -- c:\program files\common files\apple
[2012.10.24 18:20:19 | 000,000,000 | ---d | c] -- c:\users\anwender\4.0
[2012.10.24 18:20:19 | 000,000,000 | ---d | c] -- c:\users\anwender\.tfo4
[2012.10.24 18:19:48 | 000,000,000 | ---d | c] -- c:\programdata\sun
[2012.10.24 18:19:47 | 000,000,000 | ---d | c] -- c:\program files\common files\java
[2012.10.24 18:19:27 | 000,472,808 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2012.10.24 18:19:27 | 000,157,472 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2012.10.24 18:19:27 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2012.10.24 18:19:27 | 000,145,184 | ---- | c] (sun microsystems, inc.) -- c:\windows\system32\java.exe
[2012.10.24 18:19:13 | 000,000,000 | ---d | c] -- c:\program files\java
 
========== files - modified within 180 days ==========
 
[2013.04.21 16:45:37 | 000,014,784 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
[2013.04.21 16:45:37 | 000,014,784 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
[2013.04.21 16:28:10 | 000,001,940 | ---- | m] () -- c:\users\public\desktop\avira control center.lnk
[2013.04.21 16:26:49 | 000,001,098 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachinecore.job
[2013.04.21 16:26:40 | 000,067,584 | --s- | m] () -- c:\windows\bootstat.dat
[2013.04.21 16:26:35 | 1559,928,832 | -hs- | m] () -- c:\hiberfil.sys
[2013.04.21 16:17:59 | 000,001,067 | ---- | m] () -- c:\users\public\desktop\ malwarebytes anti-malware .lnk
[2013.04.21 16:14:52 | 000,135,136 | ---- | m] (avira operations gmbh & co. kg) -- c:\windows\system32\drivers\avipbb.sys
[2013.04.21 16:14:52 | 000,084,744 | ---- | m] (avira operations gmbh & co. kg) -- c:\windows\system32\drivers\avgntflt.sys
[2013.04.21 16:14:52 | 000,037,352 | ---- | m] (avira operations gmbh & co. kg) -- c:\windows\system32\drivers\avkmgr.sys
[2013.04.21 16:14:52 | 000,028,520 | ---- | m] (avira gmbh) -- c:\windows\system32\drivers\ssmdrv.sys
[2013.04.21 12:45:50 | 000,002,129 | ---- | m] () -- c:\users\public\desktop\google chrome.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | m] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
[2013.04.02 17:55:00 | 000,001,102 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachineua.job
[2013.03.14 10:41:40 | 000,654,150 | ---- | m] () -- c:\windows\system32\perfh007.dat
[2013.03.14 10:41:40 | 000,616,032 | ---- | m] () -- c:\windows\system32\perfh009.dat
[2013.03.14 10:41:40 | 000,130,022 | ---- | m] () -- c:\windows\system32\perfc007.dat
[2013.03.14 10:41:40 | 000,106,412 | ---- | m] () -- c:\windows\system32\perfc009.dat
[2013.02.14 13:13:07 | 000,269,712 | ---- | m] () -- c:\windows\system32\fntcache.dat
[2013.02.12 15:51:24 | 000,015,872 | ---- | m] (microsoft corporation) -- c:\windows\system32\drivers\usb8023.sys
[2013.02.02 05:38:35 | 001,800,704 | ---- | m] (microsoft corporation) -- c:\windows\system32\jscript9.dll
[2013.02.02 05:30:32 | 001,427,968 | ---- | m] (microsoft corporation) -- c:\windows\system32\inetcpl.cpl
[2013.02.02 05:29:22 | 000,231,936 | ---- | m] (microsoft corporation) -- c:\windows\system32\url.dll
[2013.02.02 05:27:56 | 000,065,024 | ---- | m] (microsoft corporation) -- c:\windows\system32\jsproxy.dll
[2013.02.02 05:26:47 | 000,142,848 | ---- | m] (microsoft corporation) -- c:\windows\system32\ieunatt.exe
[2013.02.02 05:25:16 | 000,607,744 | ---- | m] (microsoft corporation) -- c:\windows\system32\msfeeds.dll
[2013.02.02 05:23:28 | 002,382,848 | ---- | m] (microsoft corporation) -- c:\windows\system32\mshtml.tlb
[2013.02.02 05:20:00 | 000,176,640 | ---- | m] (microsoft corporation) -- c:\windows\system32\ieui.dll
[2013.01.17 02:28:58 | 000,232,336 | ---- | m] (microsoft corporation) -- c:\windows\system32\mpsigstub.exe
[2013.01.05 07:02:17 | 003,957,608 | ---- | m] (microsoft corporation) -- c:\windows\system32\ntkrnlpa.exe
[2013.01.05 07:02:17 | 003,902,312 | ---- | m] (microsoft corporation) -- c:\windows\system32\ntoskrnl.exe
[2013.01.04 06:55:09 | 000,187,240 | ---- | m] (microsoft corporation) -- c:\windows\system32\drivers\fwpkclnt.sys
[2013.01.04 06:50:40 | 000,169,984 | ---- | m] (microsoft corporation) -- c:\windows\system32\winsrv.dll
[2013.01.04 06:43:54 | 000,004,608 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.04 06:43:54 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.04 06:43:54 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.04 06:43:53 | 000,004,096 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.01.04 06:43:53 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.04 06:43:52 | 000,005,120 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.04 06:43:52 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.01.04 05:00:30 | 002,345,984 | ---- | m] (microsoft corporation) -- c:\windows\system32\win32k.sys
[2013.01.04 04:59:29 | 000,271,360 | ---- | m] (microsoft corporation) -- c:\windows\system32\conhost.exe
[2013.01.04 04:43:35 | 000,003,584 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.04 04:43:34 | 000,006,144 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.01.04 04:43:34 | 000,004,608 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.04 04:43:34 | 000,003,072 | -h-- | m] (microsoft corporation) -- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.12.16 16:25:27 | 000,295,424 | ---- | m] (adobe systems incorporated) -- c:\windows\system32\atmfd.dll
[2012.12.16 16:25:19 | 000,034,304 | ---- | m] (adobe systems) -- c:\windows\system32\atmlib.dll
[2012.12.07 07:04:20 | 000,308,736 | ---- | m] (microsoft corporation) -- c:\windows\system32\wpc.dll
[2012.12.07 06:57:38 | 002,576,384 | ---- | m] (microsoft corporation) -- c:\windows\system32\gameux.dll
[2012.12.07 05:21:08 | 000,045,568 | ---- | m] (microsoft) -- c:\windows\system32\oflc-nz.rs
[2012.12.07 05:21:08 | 000,044,544 | ---- | m] (microsoft) -- c:\windows\system32\pegibbfc.rs
[2012.12.07 05:21:08 | 000,043,520 | ---- | m] (microsoft) -- c:\windows\system32\csrr.rs
[2012.12.07 05:21:08 | 000,030,720 | ---- | m] (microsoft) -- c:\windows\system32\usk.rs
[2012.12.07 05:21:08 | 000,023,552 | ---- | m] (microsoft) -- c:\windows\system32\oflc.rs
[2012.12.07 05:21:07 | 000,020,480 | ---- | m] (microsoft) -- c:\windows\system32\pegi-pt.rs
[2012.12.07 05:21:06 | 000,020,480 | ---- | m] (microsoft) -- c:\windows\system32\pegi-fi.rs
[2012.12.07 05:21:06 | 000,020,480 | ---- | m] (microsoft) -- c:\windows\system32\pegi.rs
[2012.12.07 05:21:05 | 000,055,296 | ---- | m] (microsoft) -- c:\windows\system32\cero.rs
[2012.12.07 05:21:05 | 000,051,712 | ---- | m] (microsoft) -- c:\windows\system32\esrb.rs
[2012.12.07 05:21:05 | 000,046,592 | ---- | m] (microsoft) -- c:\windows\system32\fpb.rs
[2012.12.07 05:21:05 | 000,021,504 | ---- | m] (microsoft) -- c:\windows\system32\grb.rs
[2012.12.07 05:21:04 | 000,040,960 | ---- | m] (microsoft) -- c:\windows\system32\cob-au.rs
[2012.12.07 05:21:04 | 000,015,360 | ---- | m] (microsoft) -- c:\windows\system32\djctq.rs
[2012.11.20 07:10:07 | 000,219,136 | ---- | m] (microsoft corporation) -- c:\windows\system32\ncrypt.dll
[2012.11.09 06:49:37 | 000,002,048 | ---- | m] (microsoft corporation) -- c:\windows\system32\tzres.dll
[2012.11.08 15:12:25 | 000,002,699 | ---- | m] () -- c:\users\public\desktop\playway 4 cd-rom.lnk
[2012.11.02 06:48:28 | 000,376,832 | ---- | m] (microsoft corporation) -- c:\windows\system32\dpnet.dll
[2012.10.24 21:17:25 | 000,001,753 | ---- | m] () -- c:\users\public\desktop\itunes.lnk
[2012.10.24 18:19:16 | 000,472,808 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\deployjava1.dll
[2012.10.24 18:19:16 | 000,157,472 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaws.exe
[2012.10.24 18:19:16 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\javaw.exe
[2012.10.24 18:19:16 | 000,145,184 | ---- | m] (sun microsystems, inc.) -- c:\windows\system32\java.exe
 
========== files created - no company name ==========
 
[2013.04.21 16:34:46 | 000,010,084 | ---- | c] () -- c:\windows\system32\drivers\nvphy.bin
[2013.04.21 16:28:10 | 000,001,940 | ---- | c] () -- c:\users\public\desktop\avira control center.lnk
[2013.04.21 16:17:59 | 000,001,067 | ---- | c] () -- c:\users\public\desktop\ malwarebytes anti-malware .lnk
[2012.11.16 17:04:21 | 000,000,003 | ---- | c] () -- c:\windows\system32\drivers\msftwdf_kernel_01011_inbox_critical.wdf
[2012.11.16 17:04:03 | 000,000,003 | ---- | c] () -- c:\windows\system32\drivers\msftwdf_user_01_11_00_inbox_critical.wdf
[2012.11.08 15:12:25 | 000,002,699 | ---- | c] () -- c:\users\public\desktop\playway 4 cd-rom.lnk
[2012.10.24 21:17:25 | 000,001,753 | ---- | c] () -- c:\users\public\desktop\itunes.lnk
[2012.10.24 21:15:50 | 000,002,519 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\apple software update.lnk
[2010.05.30 10:56:09 | 000,000,760 | ---- | c] () -- c:\users\anwender\appdata\roaming\setup_ldm.iss
 
========== zeroaccess check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | rhs- | m] () -- c:\windows\assembly\desktop.ini
 
[hkey_current_user\software\classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32]
 
[hkey_current_user\software\classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\inprocserver32]
 
[hkey_local_machine\software\classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32]
"" = %systemroot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | m] (microsoft corporation)
"threadingmodel" = apartment
 
[hkey_local_machine\software\classes\clsid\{5839fca9-774d-42a1-acda-d6a79037f57f}\inprocserver32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | m] (microsoft corporation)
"threadingmodel" = free
 
[hkey_local_machine\software\classes\clsid\{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}\inprocserver32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | m] (microsoft corporation)
"threadingmodel" = both

< end of report >
         
--- --- ---

[/quote]

extras.txt:
OTL Logfile:
Code:
ATTFilter
otl extras logfile created on: 21.04.2013 16:44:25 - run 1
otl by oldtimer - version 3.2.69.0     folder = c:\users\anwender\downloads
 home premium edition  (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 9.0.8112.16421)
locale: 00000407 | country: Deutschland | language: DEU | date format: dd.MM.yyyy
 
1,94 gb total physical memory | 1,18 gb available physical memory | 61,01% memory free
3,87 gb paging file | 2,87 gb available in paging file | 73,98% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
 
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 465,66 gb total space | 421,25 gb free space | 90,46% space free | partition type: NTFS
 
computer name: anwender-pc | user name: anwender | logged in as administrator.
boot mode: normal | scan mode: all users
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 180 days
 
========== extra registry (safelist) ==========
 
 
========== file associations ==========
 
[hkey_local_machine\software\classes\<extension>]
.cpl [@ = cplfile] -- c:\windows\system32\control.exe (microsoft corporation)
.hlp [@ = hlpfile] -- c:\windows\winhlp32.exe (microsoft corporation)
 
========== shell spawning ==========
 
[hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %systemroot%\system32\control.exe "%1",%* (microsoft corporation)
exefile [open] -- "%1" %*
helpfile [open] -- reg error: key error.
hlpfile [open] -- %systemroot%\winhlp32.exe %1 (microsoft corporation)
htmlfile [edit] -- reg error: key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,printhtml "%1"
inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
piffile [open] -- "%1" %*
regfile [merge] -- reg error: key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l
scrfile [open] -- "%1" /s
txtfile [edit] -- reg error: key error.
unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1
directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
folder [explore] -- reg error: value error.
drive [find] -- %systemroot%\explorer.exe (microsoft corporation)
 
========== security center settings ==========
 
[hkey_local_machine\software\microsoft\security center]
"cval" = 0
 
[hkey_local_machine\software\microsoft\security center\monitoring]
 
[hkey_local_machine\software\microsoft\security center\svc]
"vistasp1" = reg error: unknown registry data type -- file not found
"antivirusoverride" = 0
"antispywareoverride" = 0
"firewalloverride" = 0
 
========== firewall settings ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"disablenotifications" = 0
"enablefirewall" = 1
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"disablenotifications" = 0
"enablefirewall" = 1
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\publicprofile]
"disablenotifications" = 0
"enablefirewall" = 1
 
========== authorized applications list ==========
 
 
========== vista active open ports exception list ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{15682f4b-9d73-476d-8abd-c3213803c436}" = lport=139 | protocol=6 | dir=in | app=system | 
"{260305e8-70ea-4cd1-be57-637cf9873b28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30663f4d-77e2-4c55-9ce3-536457e90f28}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3ed4728f-bcb7-4f6e-9f28-1c6481d0ef00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4a4ac904-8c1f-45a0-a6bb-35578b509c02}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6b723652-a341-4d03-8ff5-80d0ca4a1917}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6e3d0c8d-58eb-4155-ae13-57de214493b9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{70338daa-51e9-4817-8ceb-7299ee835d86}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{721933cc-96ea-4883-82c6-65144ba2beb3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7b5f1dc9-c85e-4451-9435-75d4c32e3812}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9976fa6e-ac61-44d3-a283-699f4b6d27b4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9d521eeb-861b-4d01-948f-c08c15110945}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9f2e9688-9015-4d22-9dc4-c79b5bf6ac74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{af35ff50-4f2d-47e9-9330-ceef1f8d851a}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{b237fd5a-3faa-4589-aeba-b218623daace}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ca880501-ee3e-4028-ad44-b8967caa6f86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ddd125eb-3cae-4174-bca1-b12555a64f47}" = rport=137 | protocol=17 | dir=out | app=system | 
"{e58a8171-8785-4362-96fa-c4b09e45ef35}" = rport=139 | protocol=6 | dir=out | app=system | 
"{e8b95b1b-4486-4059-941e-4db8083286a7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{e9aa2ec5-7380-4a65-8a42-840385013f44}" = lport=137 | protocol=17 | dir=in | app=system | 
"{f538f7e6-f04d-4a19-9a8f-4e8b1d2c8194}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{f59c4cfc-b538-45d0-b16b-fd10c605c449}" = rport=445 | protocol=6 | dir=out | app=system | 
"{fa7896e3-41ee-45bd-a070-fc87b708cbb9}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== vista active application exception list ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{018f1735-e031-45ba-9f52-4d527b50e513}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{0313e384-91cf-4cbc-a8c2-ebb07c6c8523}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{0c1b7e5d-e504-4830-a877-8a6908a562d5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0f3daac2-6a04-4d23-9a0d-1b72b0053b01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{10650589-32a2-4453-9c74-460516361089}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{195dc63b-b99b-43a0-b6b2-bca87f65e0d0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{19f370f8-d451-4781-baf1-f1fa0cb80103}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{1c52ef5a-6375-42fc-b0f7-05f1e47fbe72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{215ba85a-4581-4c39-99a8-4dfaffe321f8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{237695db-b3fb-46f9-b1f2-9367affca8ad}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{25a853a5-9701-4000-9956-4c4bddd4635c}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{29a0fa61-ed5b-4d92-82a7-cfdf9ddfbbc9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{29b6945b-f925-4e1c-bd22-f35f342bf3ab}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{38ccdee7-4464-4116-afd0-d3a10d39b9e3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{444e22c9-da89-4c64-a7c5-e59c327159b7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4ff494fb-12f0-4a05-9173-2d854f160cd1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{575c5c70-41dd-44a4-9a21-2f83b1bc5d18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5fb1b719-a9f2-4e8f-beba-9356753acab4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8d5f8688-dfb1-4bd1-9c95-8216b85f2dd1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97a3ba19-58d1-492d-86a8-b3c6b4784dd0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{99f0dc9b-6f5d-4cf9-82bc-db2dae269518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9b263263-1b10-42e3-94ef-492d6da6e271}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9b7dfaa4-9aa7-4231-b58a-164f0089b34c}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{a01879ca-cb21-4075-add8-199ba49401d2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{a5823e25-76d8-4c13-be55-660977702b98}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{a698630b-7888-4cbc-9b2d-3bc95c447462}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{b849dda3-cb9e-4e88-8148-c05a4e6142a4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{bc95f758-af15-45d5-beec-eed9b421845e}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{d2d2887f-b2c8-4f6e-9c9f-9fa9e38a1e5e}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{d83fd2de-b0b9-4949-915b-eadb6f4a2505}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{de747acc-8933-4953-9818-83d3abce8829}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{de836bac-07cd-4296-9c90-29ce5f687f0a}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{df93638a-7b8a-4643-b060-b28c9c96b7ff}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{e0992697-16ea-418a-83ea-93116ac86919}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{ea2d15f6-0c3c-43b3-8643-27f9b943351f}" = protocol=6 | dir=out | app=system | 
"{ebfbb4bf-01d8-429b-840e-1bc2da993b6d}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{ed782b2a-53db-4584-9269-7753a5089030}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{fd2fc667-5f9d-43d3-be67-1ea3a834c7bc}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"tcp query user{3df6cf64-3fe4-439d-9e2f-b5b2b9ea9030}c:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"udp query user{5e006ce9-981c-4516-949b-b39a9eb1faf9}c:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== hkey_local_machine uninstall list ==========
 
[hkey_local_machine\software\microsoft\windows\currentversion\uninstall]
"{0c826c5b-b131-423a-a229-c71b3caccd6a}" = cddrv_installer
"{0f367ca3-3b2f-43f9-a44a-25a8ee69e45d}" = scan
"{0f6f6876-6334-4977-b5dd-cfc12e193420}" = itunes
"{1199fad5-9546-44f3-81cf-ffdb8040b7bf}_canon_mg5100_series" = canon mg5100 series mp drivers
"{17285384-0749-44af-b75d-2ea74dc58822}" = playway 3
"{175f0111-2968-4935-8f70-33108c6a4de3}" = marketresearch
"{18455581-e099-4ba8-bc6b-f34b2f06600c}" = google toolbar for internet explorer
"{1f1c2dfc-2d24-3e06-bcb8-725134adf989}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.4148
"{21a2f5ee-1dc5-488a-be7e-e526f8c61488}" = devicediscovery
"{2318c2b1-4965-11d4-9b18-009027a5cd4f}" = google toolbar for internet explorer
"{26a24ae4-039d-4ca4-87b4-2f83216029ff}" = java(tm) 6 update 29
"{2eea7aa4-c203-4b90-a34f-19fb7ef1c81c}" = bufferchm
"{3101cb58-3482-4d21-af1a-7057fc935355}" = khalinstallwrapper
"{3a4d5e2d-988d-4ee9-8e7f-3ac200a2b8f5}" = 4500g510nz_software_min
"{3c3901c5-3455-3e0a-a214-0b093a5070a6}" = microsoft .net framework 4 client profile
"{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}" = erlt
"{43cdf946-f5d9-4292-b006-ba0d92013021}" = webreg
"{440b915a-0c85-45db-92ae-75ae14704a64}" = fax
"{4a03706f-666a-4037-7777-5f2748764d10}" = java auto updater
"{4a70ef07-7f88-4434-bb61-d1de8ae93dd4}" = solutioncenter
"{5b05ff91-f20c-4832-a8de-e1912639c17c}" = 4500g510nz
"{5fdd02c7-9a97-43ed-9bc2-892c3a67aa26}" = playway 2
"{612c34c7-5e90-47d8-9b5c-0f717dd82726}" = swmsm
"{63ec2120-1742-4625-aa47-c6a8aec9c64c}" = apple application support
"{63ff21c9-a810-464f-b60a-3111747b1a6d}" = gpbaseservice2
"{67aad4a9-b77c-452b-ae50-9ee8af4bc350}" = playway 4
"{68a10d12-0d0f-4212-bde6-d87fad32a8fa}" = smartwebprinting
"{690879a5-18ef-447b-98d6-b699d51008ab}" = 4500_g510nz_help
"{6b2ffb21-ac88-45c3-9a7d-4bb3e744ec91}" = hpssupply
"{6bba26e9-ab03-4fe7-831a-3535584ca002}" = toolbox
"{7059bda7-e1db-442c-b7a1-6144596720a4}" = hp update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = microsoft visual c++ 2005 redistributable
"{789a5b64-9dd9-4ba5-915a-f0fc0a1b7bfe}" = apple software update
"{79155f2b-9895-49d7-8612-d92580e0de5b}" = bonjour
"{7e0e61cc-1c99-429d-bea7-c4dd5b898d2a}" = hp officejet 4500 g510n-z
"{8f3c31c5-9c3a-4aa8-8efa-71290a7ad533}" = tomtom home visual studio merge modules
"{92127af5-fdd8-4adf-bc40-c356c9ee0b7d}" = 32 bit hp cio components installer
"{92a51949-ee4c-466d-aaf0-99e74a49a63f}" = docmgr
"{9b362566-ec1b-4700-bb9c-ec661bde2175}" = docproc
"{a92dab39-4e2c-4304-9ab6-bc44e68b55e2}" = google update helper
"{ac76ba86-7ad7-1031-7b44-aa1000000001}" = adobe reader x (10.1.4) - deutsch
"{ae8705fb-e13c-40a9-8a2d-68d6733fbfc2}" = status
"{aec0cebc-0fc7-4716-8222-1c4a742719b1}" = samsung master
"{b2455727-ed8f-4643-8a6e-f4ab8de3633d}" = network
"{bd7204ba-dd64-499e-9b55-6a282cdf4fa4}" = destinations
"{c43326f5-f135-4551-8270-7f7aba0462e1}" = hpproductassistant
"{d4ddfaa1-ec37-4529-ad5b-a433ade68662}" = apple mobile device support
"{dc0a5f99-fd66-433f-9d3a-05dcba64be42}" = trayapp
"{f0c3e5d1-1ade-321e-8167-68ef0de699a5}" = microsoft visual c++ 2010  x86 redistributable - 10.0.40219
"{f29b21bd-caa6-445f-8ef7-a7e2b9d8b14e}" = logitech setpoint
"{f750c986-5310-3a5a-95f8-4ec71c8ac01c}" = microsoft .net framework 4 client profile deu language pack
"adobe flash player activex" = adobe flash player 10 activex
"adobe shockwave player" = adobe shockwave player 11.6
"avira antivir desktop" = avira free antivirus
"canon mg5100 series benutzerregistrierung" = canon mg5100 series benutzerregistrierung
"canonmyprinter" = canon my printer
"canonsolutionmenuex" = canon solution menu ex
"die förderpyramide 1" = die förderpyramide 1
"easy-photoprint ex" = canon easy-photoprint ex
"google chrome" = google chrome
"hp document manager" = hp document manager 2.0
"hp imaging device functions" = hp imaging device functions 13.0
"hp smart web printing" = hp smart web printing 4.5
"hp solution center & imaging support tools" = hp solution center 13.0
"hpextendedcapabilities" = hp customer participation program 13.0
"hpocr" = ocr software by i.r.i.s. 13.0
"malwarebytes' anti-malware_is1" = malwarebytes Anti-Malware version 1.75.0.1300
"microsoft .net framework 4 client profile" = microsoft .net framework 4 client profile
"microsoft .net framework 4 client profile deu language pack" = microsoft .net framework 4 client profile deu language pack
"mp navigator ex 4.0" = canon mp navigator ex 4.0
"nvidia drivers" = nvidia drivers
"origin" = origin
"pc-kids deutsch 4_is1" = pc-kids deutsch 4
"pc-kids mathematik 3_is1" = pc-kids mathematik 3
"shop for hp supplies" = shop for hp supplies
"tomtom home" = tomtom home 2.8.4.2596
 
========== last 20 event log errors ==========
 
[ application events ]
error - 18.03.2013 06:01:44 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: Continuously busy for more than a second
 
error - 18.03.2013 06:01:44 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledevent 6193
 
error - 18.03.2013 06:01:44 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledspretry 6193
 
error - 18.03.2013 06:01:45 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: Continuously busy for more than a second
 
error - 18.03.2013 06:01:45 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledevent 7207
 
error - 18.03.2013 06:01:45 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledspretry 7207
 
error - 18.03.2013 06:01:46 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: Continuously busy for more than a second
 
error - 18.03.2013 06:01:46 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledevent 8206
 
error - 18.03.2013 06:01:46 | computer name = anwender-pc | source = bonjour service | id = 100
description = task scheduling error: M->nextscheduledspretry 8206
 
error - 21.04.2013 11:05:03 | computer name = anwender-pc | source = application error | id = 1000
description = name der fehlerhaften anwendung: Origin.exe, version: 9.1.15.109, 
zeitstempel: 0x514b5484  name des fehlerhaften moduls: Originclient.dll, version: 
9.1.15.109, zeitstempel: 0x514b5468  ausnahmecode: 0xc0000005  fehleroffset: 0x00298b9d
id
 des fehlerhaften prozesses: 0x8fc  startzeit der fehlerhaften anwendung: 0x01ce3ea18f05e4e0
pfad
 der fehlerhaften anwendung: C:\program files\origin\origin.exe  pfad des fehlerhaften
 moduls: C:\program files\origin\originclient.dll  berichtskennung: D7764bc0-aa94-11e2-8cfc-00241da4cf5c
 
[ system events ]
error - 21.04.2013 11:07:02 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig: 
Winmgmt. Dieser dienst ist eventuell nicht installiert.
 
Error - 21.04.2013 11:08:11 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "ip-hilfsdienst" ist von folgendem dienst abhängig: Winmgmt.
 Dieser dienst ist eventuell nicht installiert.
 
Error - 21.04.2013 11:10:27 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig: 
Winmgmt. Dieser dienst ist eventuell nicht installiert.
 
Error - 21.04.2013 11:06:15 | computer name = anwender-pc | source = eventlog | id = 6008
description = das system wurde zuvor am ?21.?04.?2013 um 15:53:59 unerwartet heruntergefahren.
 
Error - 21.04.2013 11:06:21 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "ip-hilfsdienst" ist von folgendem dienst abhängig: Winmgmt.
 Dieser dienst ist eventuell nicht installiert.
 
Error - 21.04.2013 11:08:36 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig: 
Winmgmt. Dieser dienst ist eventuell nicht installiert.
 
Error - 21.04.2013 10:12:29 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "ip-hilfsdienst" ist von folgendem dienst abhängig: Winmgmt.
 Dieser dienst ist eventuell nicht installiert.
 
Error - 21.04.2013 10:14:42 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig: 
Winmgmt. Dieser dienst ist eventuell nicht installiert.
 
Error - 21.04.2013 10:26:49 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "ip-hilfsdienst" ist von folgendem dienst abhängig: Winmgmt.
 Dieser dienst ist eventuell nicht installiert.
 
Error - 21.04.2013 10:28:51 | computer name = anwender-pc | source = service control manager | id = 7003
description = der dienst "sicherheitscenter" ist von folgendem dienst abhängig: 
Winmgmt. Dieser dienst ist eventuell nicht installiert.
 
 
< end of report >
         
--- --- ---

Old 21.04.2013, 16:17   #9
aharonov
/// TB-Ausbilder
 
Hi Micha,

Quote:
Just briefly to add, Anti-Malware found the entry "C:User\Anwender\7556965.dll"!??
Please post me the logfile of this MBAM run. Here is how to find it: http://www.trojaner-board.de/125889-...en-posten.html
__________________
cheers,
Leo

Old 21.04.2013, 16:22   #10
mnjakob
 
Hey Leo,

here is the logfile now:
Quote:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.04.21.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Anwender :: ANWENDER-PC [Administrator]

21.04.2013 16:18:45
mbam-log-2013-04-21 (16-18-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200332
Laufzeit: 3 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Anwender\7556965.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Old 21.04.2013, 16:29   #11
aharonov
/// TB-Ausbilder
 
Yes, that is gone.


Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you obscured your user name in the log (e.g. with ***), undo that here.
Code:
ATTFilter
:commands
[emptytemp]
         
  • Now please close all other programs.
  • Now click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<date_time>.log)
  • Now copy its content into your thread here.



Step 2

Download the setup of the ESET Online Scanner and save it to the desktop.
  • Connect any external hard drives and USB sticks you have to the computer.
  • Now temporarily disable your antivirus program and the firewall for this scan.
    (Don't forget to turn them back on afterwards.)
  • Now start the downloaded esetsmartinstaller_enu.exe.
  • Tick Yes, I accept the Terms of Use and press Start.
  • Wait until the components have been downloaded.
  • Tick Scan archives.
  • Make sure that Remove found Threats is not ticked.
  • Then press Start.
  • The signatures are downloaded and the scan starts automatically.
    Note: This scan can take quite a long time!
  • If findings are shown after the scan has finished, then:
    • Press List of found threats.
    • Then click Export to text file... and save the text file as ESET.txt on the desktop.
    • Then press << Back.
  • Now close the scanner with a click on Finish.
Please post the content of ESET.txt, or tell me if there were no findings.



Step 3

Please download SecurityCheck (Link 2).
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.



Please post in your next reply:
  • Fixlog from OTL
  • Log from ESET
  • Log from SecurityCheck
__________________
cheers,
Leo

Old 21.04.2013, 17:42   #12
mnjakob
 
Hello Leo,

here are the logs:

Quote:
OTL:
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anwender
->Temp folder emptied: 2874725 bytes
->Temporary Internet Files folder emptied: 44103101 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 884080 bytes
->Flash cache emptied: 774 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41498 bytes
RecycleBin emptied: 182954647 bytes

Total Files Cleaned = 220,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04212013_173902

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


ESET:
No result!!!



SecurityCheck:
Results of screen317's Security Check version 0.99.62
Windows 7 x86
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Many, many thanks for your help and support.

Best regards
Micha

Old 21.04.2013, 17:57   #13
aharonov
/// TB-Ausbilder
 
Hello Micha,

now the evil still has to be tackled at the root. There is far too much red in the SecurityCheck log (among other things, a service pack is missing!). Browsing like this is dangerous.


Step 1
  • Please start OTL.exe.
  • Now copy the content from the code box into the text box.
Code:
ATTFilter
sc config wscsvc start= auto /c
net start wscsvc /c
         
  • Please close all other programs.
  • Now click None (German "None") and then the Scan button.
  • Then copy the content of OTL.txt into your thread here.



Step 2
  • Please go to Start --> All Programs --> Windows Update.
  • Then click Check for updates on the left and wait until the search has finished.
  • Then press Install updates.
  • Restart the computer when the installation has finished.
  • Repeat these steps until no new updates are available.



Step 3

Your Java is no longer current. Older versions contain security holes that malware can abuse to infect the machine via drive-by download.

The current version is Java 7 Update 21.
  • Go to
    Start --> Control Panel --> Programs and Features (on Vista / Win 7)
    Start --> Control Panel --> Add or Remove Programs (on Win XP)
    and uninstall all older Java versions.
In few cases Java is really needed. Also, new security holes that have not yet been closed are exploited again and again.
So consider whether you really need a Java installation.
If you want to keep using Java, then:
  • Download the latest Java version.
  • Close all running programs, especially the browser.
  • Start the downloaded jxpiinstall.exe and follow the instructions.
  • During the installation, untick "Install the Ask Toolbar ...".



Step 4

The version of your Adobe PDF Reader is outdated; we have to update it:
  • Please uninstall your current version of Adobe Reader via
    Start --> Control Panel --> Add or Remove Programs (on Windows XP)
    Start --> Control Panel --> Programs and Features (on Vista / Windows 7)
  • Visit this page from Adobe.
  • If present, untick McAfee Security Scan or Google Chrome.
  • Press Download now and install the latest version.



Step 5

Your Flash Player is outdated. Install the current version as follows:
  • Visit this page from Adobe.
  • If present, untick McAfee Security Scan or Google Chrome.
  • Press Download now and install the latest version.

Then check with this plugin check whether all the versions you use are now current, and update them otherwise.



Step 6
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.



Please post in your next reply:
  • Log from OTL
  • Log from SecurityCheck
__________________
cheers,
Leo
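As an added example that is not part of the thread or of the OTL tool, this is the same repair as Step 1 above done in PowerShell, preceded by a check of the dependency that the Service Control Manager 7003 events in the OTL log name (wscsvc needs Winmgmt, i.e. WMI). It assumes an elevated PowerShell session on Windows 7 or later; the helper name Get-ServiceDependencyState is my own.

```powershell
# Added example (not from the thread or from OTL): inspect the wscsvc -> Winmgmt dependency
# that the Service Control Manager 7003 events complain about, then apply the same repair as
# "sc config wscsvc start= auto" / "net start wscsvc". Run in an elevated PowerShell (Win 7+).

function Get-ServiceDependencyState {
    # Hypothetical helper: one row for the service itself, one per service it depends on.
    param([Parameter(Mandatory = $true)][string]$Name)
    $svc  = Get-Service -Name $Name -ErrorAction Stop
    # Win32_Service exposes StartMode (Auto/Manual/Disabled); Get-Service on PS 2.0 does not.
    $wmi  = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    $rows = @()
    $rows += New-Object PSObject -Property @{
        Role = 'target'; Service = $svc.Name; Status = $svc.Status; StartMode = $wmi.StartMode }
    foreach ($dep in $svc.ServicesDependedOn) {
        $depWmi = Get-WmiObject -Class Win32_Service -Filter "Name='$($dep.Name)'"
        $rows += New-Object PSObject -Property @{
            Role = 'dependency'; Service = $dep.Name; Status = $dep.Status; StartMode = $depWmi.StartMode }
    }
    return $rows
}

# 1. The events seen in the OTL log: "service X depends on Y, which may not be installed".
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7003 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Message -AutoSize -Wrap

# 2. Before: Security Center and its dependencies (Winmgmt is the one the events name).
Get-ServiceDependencyState -Name wscsvc | Format-Table Role, Service, Status, StartMode -AutoSize

# 3. Repair: WMI has to be running before wscsvc can start, so handle the dependency first.
foreach ($name in 'Winmgmt', 'wscsvc') {
    Set-Service -Name $name -StartupType Automatic
    if ((Get-Service -Name $name).Status -ne 'Running') { Start-Service -Name $name }
}

# 4. After: if wscsvc still does not reach Running, the WMI repository itself is damaged or
#    disabled, which this step does not repair and which the helper should look at next.
Get-ServiceDependencyState -Name wscsvc | Format-Table Role, Service, Status, StartMode -AutoSize
```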

Old 26.04.2013, 21:15   #14
aharonov
/// TB-Ausbilder
 
Hi,

I haven't received a reply from you for a while now. Do you still need help?

If I don't hear from you in the next 24 hours, I will assume the topic is resolved and delete it from my subscriptions.

Note: We are not done yet! Even if the symptoms have disappeared, your system may still be infected and have security holes that make a new infection possible.
__________________
cheers,
Leo

Old 28.04.2013, 15:00   #15
aharonov
/// TB-Ausbilder
 
No response
This topic has been deleted from my subscriptions. So I no longer get notifications about new replies.
Send me a PM if you want to continue the topic after all. Then we will carry on here.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please read these instructions and create your own thread.
__________________
cheers,
Leo
