
Plagegeister aller Art und deren Bekämpfung: Virus after Facebook "video"?

Windows 7

 
23.04.2013, 14:20   #1
zwn
 

Virus after Facebook "video"?



Hello,

a few days ago I foolishly clicked on a supposed video on Facebook, whereupon a new tab opened in which I was supposed to download a file in order to watch the video. I closed the tab right away and considered the matter settled. A few days later I received a message that I had "liked" 2 porn videos, which I definitely did not do. However, neither I nor the person who told me about it could find anything more about it...

While searching for information on the subject I found a page that says it is a "self-replicating worm".

Since I don't know much about the subject myself, I'm not sure whether my PC is now infected with anything or not. I hope someone here can help me.

Avira AntiVir finds nothing, and Malwarebytes Anti-Malware also found nothing in a full scan. Ad-Aware (which I installed only for an additional scan and kept disabled except during the scan) found one item in a quick scan, which I foolishly already deleted, and I don't know whether or where I can find the log files. Spybot had plenty of detections, all between class 1 and 5...

The scan with GMER produced the following error messages:
1. C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird

2. C:\Users\***\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird

Here are the log files from OTL, Extras, GMER and Spybot:

Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 23.04.2013 13:58:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 74,03% Memory free
15,92 Gb Paging File | 13,63 Gb Available in Paging File | 85,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,87 Gb Free Space | 49,86% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,59 Gb Free Space | 71,61% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053D1ECA-16C4-4D85-9702-7E4C2E6AC167}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1B2A680B-C5EC-43CC-85DC-6FF23595E105}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1D7AAE3B-3298-49BF-8092-175010B8203F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{25F6075E-6CF0-4348-9FFF-9E79FB183FB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{331E3BAB-03F7-4AB6-8979-A2EC5B4B70F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34E85162-7E62-4291-B6FA-90B40120E1F6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4A724997-D429-4FF2-8150-D1AA2E6C7967}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5174C8AB-CCFC-45F6-8F0C-E2DDE2EE7562}" = lport=137 | protocol=17 | dir=in | app=system | 
"{606BA6DA-71B4-49F6-837E-B060D92D4218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60D7EF28-E601-415D-A340-F710C71D8A2B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73CC2E96-B689-4BDC-A352-341AA2B4417C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{790F1CD0-46A2-439E-87BD-D249A60C3F5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{79F8A380-5C69-49A5-A512-7D127FEE5093}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7C2BA455-F8D0-42B1-859B-530AEECA65AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99137CD1-AAF8-403F-A9F5-21DE2B1EB3F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A526CDA5-9975-4F2A-8141-E36A101C8369}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A881DEC4-BF96-4AB5-ADCB-1C557FEEF0B7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A8E8E366-058C-42F3-8664-561201440831}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFDB7142-FE27-4E3D-A6DE-EA3B9857F616}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B10DC8E5-1E19-4AA9-95FB-F6DC31BC0063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CC8B3877-DE17-4030-B75E-4D4F7BA27DBD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CD270723-4037-44D0-BCD6-9E13635DFD95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F254A677-B6C4-493D-BE02-76ECC55791C8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F98495EA-978B-414C-8F39-B39D6AEB1E07}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03543A78-1844-4DB2-884E-E61B63628747}" = protocol=6 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | 
"{042ED58F-8A80-4EFA-897A-765EF33B192A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{05AED89E-ED3B-473A-83C4-2211FBA44AEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0AA1CA60-9CC2-41E7-8015-3B429133BDE5}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe | 
"{111CE07C-7E3B-43AC-9229-68B478A481E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{13763ACD-07AB-47DB-AF24-79D7BF32280A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14450B91-2C51-406C-8141-E1C210DE7554}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E3F1706-6F9F-4731-8A84-0D7BEF0333B3}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe | 
"{2672A338-5ACF-4DC7-B46C-270CE3AB8193}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2905AFAA-A4C6-4F91-A5AC-55841AE293AE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4007DF4D-F0FE-4952-BE38-34D3C8477368}" = protocol=6 | dir=in | app=d:\games\cod4 mw\iw3mp.exe | 
"{468D3BB1-EDE5-4E86-A934-2A617EA82D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4F87F356-EC0B-433A-884C-6D8AF3A33A6F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{58B56E31-97A9-47E1-B592-37C8FC732AF2}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{61DA499B-918F-4AF7-B4AE-B9DE32904BB4}" = protocol=17 | dir=in | app=d:\games\street fighter iv\ssfiv.exe | 
"{6A187ED3-A888-439B-B44A-9E4E76A1AF30}" = protocol=17 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | 
"{6E0A4E84-59EC-40E4-92F7-E493795BFF6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6E122F83-70B3-4223-949C-0D69B6775166}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{720569FF-D6F1-48FD-9F7F-D3B3B3A6E829}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe | 
"{72F56326-E1FE-4A1A-9F22-B9BAD18DF314}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FC0FDCC-3540-4F3B-A328-6E19E40E775F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{88567FB6-CDCA-4D8E-B86A-D5B304552723}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{8A04F809-2DE6-4AF7-B578-E5D55C5AC2F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{996491A3-ABD4-4708-A5B5-394113955E2A}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe | 
"{A27A58D8-CEAE-4DC4-BB2D-E8293559D25E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A4699B08-3471-45A7-88BC-590D6DD82F60}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{A57D9C23-0DA1-48FA-90A8-19864BAC64C7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{ADA65890-5F0E-4042-BFFE-5F9B1A6A8878}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{AE7F76DA-369E-4769-851D-EC65DCEFE41D}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{AF2D453E-4190-4940-BB76-60013BF52C01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B5051A1B-C957-4856-A820-CB1D110EDCF3}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe | 
"{B67D4C3B-F8E4-4B17-94F7-B1BC5637E8E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B67FFFE8-EA25-413A-BE2D-F31B7DA9760A}" = protocol=6 | dir=in | app=d:\games\street fighter iv\ssfiv.exe | 
"{BB8ADD7A-1DEE-49B7-899B-F255E921561C}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe | 
"{BBAC2AFB-70A1-4E5F-9717-A5D015D31535}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C1D7B709-7660-48AE-8319-38889D9FB003}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | 
"{C6096757-F656-4E16-A079-7D34A1F6074E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D04F6D4A-B679-4F86-9CAA-FC57B2574E12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D7C3465F-A32D-4729-8ED4-ABA7BD3F5507}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{DA2594F0-B444-4749-B476-175EB4BD38D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DC4E6DA9-BCA4-4060-AF42-8AE3A00BA27F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | 
"{DC686CAE-FE56-44C5-8262-36F60E761493}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{E59AA3BF-5656-4905-9224-35C975175372}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E78923F0-03F5-49B7-A92E-FA4A02798388}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFD2E393-8ADC-4C1C-945A-36DFF02079A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F49E385A-195F-4ABC-90FB-6394EAAAE309}" = protocol=17 | dir=in | app=d:\games\cod4 mw\iw3mp.exe | 
"{F70042D6-99C3-49CD-80CE-0C12531B100C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB547F36-260D-4F78-8C65-E56257CB545F}" = protocol=6 | dir=out | app=system | 
"{FE40AFE4-BEAD-4E73-BADB-7B64A44AE3E8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{FF333F3C-BEC7-4B50-A613-FA0A44CCA871}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{6AE52F37-B7A9-494A-BA51-EF413B05870C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{7A8A84B8-B9A8-4727-AC4A-939DE9AE84B7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BB8B580B-8119-0235-C923-5F1EECE66561}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.9.1-x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"{43430FA0-4A2E-404A-B715-951000048101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{43430FA0-4A2E-404A-B715-951000058101}" = SUPER STREET FIGHTER IV: ARCADE EDITION
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"{CA00F224-335F-6A70-DC7A-45D26F61C443}" = HydraVision
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2B086BD-75A9-45D1-A675-151624B259A1}" = Splashtop Connect for IE
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EF25F71D-F3E8-42A3-8B5A-DBF83C4B942F}" = Splashtop Connect for Firefox
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup" = DivX-Setup
"Free Video Converter_is1" = Free Video Converter V 3.1
"FreePDF_XP" = FreePDF (Remove only)
"GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"PunkBusterSvc" = PunkBuster Services
"Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"XnView_is1" = XnView 1.99
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.03.2013 05:52:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.03.2013 06:17:11 | Computer Name = ***-PC | Source = VSS | ID = 12310
Description = 
 
Error - 09.03.2013 06:17:11 | Computer Name = ***-PC | Source = VSS | ID = 12298
Description = 
 
Error - 09.03.2013 10:44:59 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 07:39:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 16:24:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 09:14:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 13:04:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 11:07:31 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2013 13:11:41 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2013 08:45:57 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2013 17:15:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 22.04.2013 12:36:10 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 08.01.2013 05:36:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 06:56:45 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy9" den Befehl "chkdsk" aus.
 
Error - 08.01.2013 07:34:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 07:34:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 11:30:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 11:30:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 18:31:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.01.2013 18:31:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.01.2013 13:54:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.01.2013 13:54:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---

[/CODE]

OTL:

OTL Logfile:
Code:
OTL logfile created on: 23.04.2013 14:17:05 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Trojaner-Board\OTL
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,99% Memory free
15,92 Gb Paging File | 13,61 Gb Available in Paging File | 85,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,66 Gb Free Space | 49,59% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,59 Gb Free Space | 71,61% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\Trojaner-Board\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startzentrale.de
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {66FF9F69-3418-44a7-AF2A-8B83B3D8EA29}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{66FF9F69-3418-44a7-AF2A-8B83B3D8EA29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{70FEE180-EBE5-4fa3-B9FB-49E3D343B7FF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{7EE9917A-A530-4c18-B879-D95660327BEC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.startzentrale.de"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012.07.28 22:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012.07.28 22:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.10 20:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.21 21:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 16:59:13 | 000,000,000 | ---D | M]
 
[2012.07.28 23:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.21 21:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions
[2013.04.21 21:05:52 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.04.21 21:05:55 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.03.22 18:44:48 | 000,161,094 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\thumbnailZoom@dadler.github.com.xpi
[2013.04.14 23:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 16:59:12 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2012.08.10 20:09:04 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24FCBEE-B986-47D8-8AD0-EBDD2C422BF8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.23 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner-Board
[2013.04.21 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.04.21 21:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.21 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.04.21 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.21 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.04.21 21:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.21 21:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.04.21 21:06:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2013.04.21 21:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.04.21 21:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.04.21 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013.04.21 21:04:07 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.04.21 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.21 20:54:44 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.21 20:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.19 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.12 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.07 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.01 22:31:20 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 22:31:20 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 22:31:20 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.23 13:57:02 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.23 13:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.23 13:52:11 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 13:52:11 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 13:49:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.23 13:49:35 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.23 13:49:35 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.23 13:49:35 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.23 13:49:35 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 13:45:07 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.23 13:44:38 | 2117,570,559 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 13:44:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.21 21:04:07 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 20:54:50 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.10 15:51:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 14:36:53 | 000,418,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.07 18:39:09 | 000,014,565 | ---- | M] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 22:31:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 22:31:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 22:31:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.23 13:57:02 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.21 21:06:22 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.21 20:54:50 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.21 20:54:50 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.07 18:39:09 | 000,014,565 | ---- | C] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf
[2013.04.02 13:51:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.04 18:17:57 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012.10.05 12:22:56 | 000,000,282 | ---- | C] () -- C:\Windows\game.ini
[2012.09.28 19:17:46 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.28 19:17:45 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.09.28 19:17:45 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.25 17:28:43 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.08.25 17:28:43 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.12 19:43:53 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat
[2012.08.07 15:34:52 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.07.28 23:04:22 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.07.28 22:55:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.07.28 17:53:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.28 17:50:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 17:50:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.28 17:50:32 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.21 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.09.08 11:34:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Advanced Chemistry Development
[2013.01.04 18:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.08.02 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.12.13 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter
[2012.07.29 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.08.01 14:29:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SEGA Corporation
[2012.07.28 22:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Splashtop
[2013.04.13 15:55:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.10.31 11:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >
         
--- --- ---

[/CODE]

GMER:
Code:
ATTFilter
GMER Logfile:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-23 14:29:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076d41465 2 bytes [D4, 76]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                0000000072ad1a22 2 bytes [AD, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                0000000072ad1ad0 2 bytes [AD, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                0000000072ad1b08 2 bytes [AD, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                0000000072ad1bba 2 bytes [AD, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1880] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                0000000072ad1bda 2 bytes [AD, 72]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2196] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                           0000000076d41465 2 bytes [D4, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2196] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000076d41465 2 bytes [D4, 76]
.text   C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                            0000000076d41465 2 bytes [D4, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[1816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                           0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2
.text   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000076d41465 2 bytes [D4, 76]
.text   C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3112] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               0000000076d414bb 2 bytes [D4, 76]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread   [844:856]                                                                                                                                             0000000077ad3e45
Thread   [844:860]                                                                                                                                             0000000075f17587
Thread   [844:864]                                                                                                                                             0000000074f6c59c
Thread   [844:868]                                                                                                                                             0000000074f6c59c
Thread   [844:916]                                                                                                                                             0000000074f6c59c
Thread   [844:920]                                                                                                                                             0000000077ad2e25
Thread   [844:932]                                                                                                                                             0000000074f6c41c
Thread   [844:936]                                                                                                                                             0000000074e8e2db
Thread   [844:940]                                                                                                                                             0000000074f6c59c
Thread   [844:944]                                                                                                                                             0000000074f6c41c
Thread   [844:948]                                                                                                                                             0000000074f6c41c
Thread   [844:952]                                                                                                                                             0000000074f6c41c
Thread   [844:956]                                                                                                                                             0000000074f6c41c
Thread   [844:960]                                                                                                                                             0000000074f6c41c
Thread   [844:964]                                                                                                                                             0000000074f6c41c
Thread   [844:968]                                                                                                                                             0000000074f6c41c
Thread   [844:972]                                                                                                                                             0000000074f6c41c
Thread   [844:976]                                                                                                                                             0000000074f6c41c
Thread   [844:980]                                                                                                                                             0000000074f6c41c
Thread   [844:984]                                                                                                                                             0000000074f6c41c
Thread   [844:988]                                                                                                                                             0000000074f6c41c
Thread   [844:992]                                                                                                                                             0000000074f6c41c
Thread   [844:996]                                                                                                                                             0000000074f6c41c
Thread   [844:1000]                                                                                                                                            0000000074f6c41c
Thread   [844:1004]                                                                                                                                            0000000074f6c41c
Thread   [844:1008]                                                                                                                                            0000000074f6c41c
Thread   [844:1012]                                                                                                                                            0000000074f6c59c
Thread   [844:1016]                                                                                                                                            0000000074278df0
Thread   [844:1020]                                                                                                                                            0000000074278df0
Thread   [844:156]                                                                                                                                             0000000074278df0
Thread   [844:160]                                                                                                                                             0000000074274e70
Thread   [844:464]                                                                                                                                             0000000074f6c59c
Thread   [844:3096]                                                                                                                                            0000000074f6c59c
Thread   [844:3904]                                                                                                                                            0000000074f6c59c
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:2964]                                                                                                              0000000001203fe1
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:3296]                                                                                                              0000000070338c3c
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:3300]                                                                                                              0000000070338f11
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:3304]                                                                                                              000000007033882e
Thread  C:\Windows\SysWOW64\ntdll.dll [2960:3308]                                                                                                              0000000073e9786a

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---
and here is the Spybot log as well:
Code:
ATTFilter
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Processing: 130422-181356.xml
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Microsoft.Windows.Security.InternetExplorer
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\  iexplore.exe
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Macromedia.FlashPlayer.Cookies
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\cdn.flashtalking.com\  ftLocalComms.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\core.mochibot.com\  com.mochibot.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\doug1izaerwt3.cloudfront.net\  fa3e9c783cb6bec308806b37b0c2d78f26f4de4d.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\ia.media-imdb.com\  IMDBTEST.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\images-na.ssl-images-amazon.com\  mercury.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\imagesrv.adition.com\  movad.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\members.bet365.com\  FCE.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  com.mochiads.lock.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  com.mochiads.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  mochiLCStatus.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  services.mochiads.com.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  __coinsEventLC__.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  __ms_1353002146639_77109.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\  __ms_1353002146639_77109_fromgame.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochibot.com\  com.mochibot.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\play.flashx.tv\  analytics.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\s.ytimg.com\  soundData.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\s.ytimg.com\  videostats.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server11.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server22.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server25.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server29.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server44.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server6.stream2k.com\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.afcdn.com\  analytics.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\streamcloud.eu\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  analytics.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  pa411.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  SpilGames_hot_pursuit_city_UserData.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  WAG_DogfightAces_Campaign.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  WAG_DogfightAces_Defence.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\  WAG_DogfightAces_Main.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.naiadexports.com\  naiad.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www8.agame.com\  com.spilgames.settings.1.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\yesload.net\  com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\js.adscale.de\adscale-playlist.swf\  ADSCALE_VOLUME.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##12B5C53856D2479D\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##1BB569B201A2417E\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##4109631858BF8467\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##4BADABEB8E8C69D1\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##5AB2FEA9FC7F8419\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##8ABE9FD535F69C17\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##D8042BAA605AE25F\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##F3593E2E0230D607\  00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\skype.com\#ui\  preferences.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.putlocker.com\video_player.swf\  org.flowplayer.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.sockshare.com\video_player.swf\  org.flowplayer.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\a.affil.io\s\af.swf\  afstorage.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\back7.keycaptcha.com\js\keycaptcha-logo\  kcv_uid.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\dex.ct-ads.com\cdn\storage.swf\  cta.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\heias.com\x\heias_sc.swf\  heias.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\icq.com\IrCQNet\chat2009.swf\  chat_pref.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\olympia.ard.de\flash\OSMFPlayer.swf\  HDCore.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\play.flashx.tv\player\flowplayer.commercial-3.2.7.swf\  org.flowplayer.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\stat.ed.cupidplc.com\images\ed2.swf\  srfp_28.sol
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MediaPlex
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***)  Cookie:***@mediaplex.com/ ()
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***)  Cookie:***@apmebf.com/ ()
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .apmebf.com/ (S)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .mediaplex.com/ (svid)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .apmebf.com/ (TT)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .emjcd.com/ (S)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .apmebf.com/ (LCLK)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .emjcd.com/ (LCLK)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .emjcd.com/ (TT)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .emjcd.com/ (PBLP)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .mediaplex.com/ (mojo1)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .mediaplex.com/ (mojo3)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: FastClick
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***)  Cookie:***@fastclick.net/ ()
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .fastclick.net/ (pluto)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: DoubleClick
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .doubleclick.net/ (id)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .googleads.g.doubleclick.net/ (ebNewBandWidth_.googleads.g.doubleclick.net)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .doubleclick.net/ (_drt_)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Zedo
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (ZEDOIDA)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (PCA1395102)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (PI)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (FFMCap)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (FFgeo)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (ZEDOIDX)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (FFcat)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .zedo.com/ (FFad)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Tradedoubler
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TradeDoublerGUID)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TD_EH_0)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TD_POOL)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TD_UNIQUE_IMP)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (TD_PIC)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .tradedoubler.com/ (BT)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Statcounter
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .statcounter.com/ (is_unique)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: BurstMedia
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .burstnet.com/ (BI75128)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .www.burstnet.com/ (56Q8)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Adviva
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .adviva.net/ (ug)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: CasaleMedia
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMD2)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (C7M5)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMID)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMPS)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMPP)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMRUM2)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMST)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  .casalemedia.com/ (CMDD)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: WebTrends live
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default))  statse.webtrendslive.com/ (ACOOKIE)
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Log
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\  ntbtlog.txt
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\  Directx.log
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\  setupact.log
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\  DtcInstall.log
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\  ntbtlog.txt
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\  Directx.log
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\  setupact.log
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\  DtcInstall.log
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: 7-Zip
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\7-ZIP\FM\  FolderHistory
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\7-ZIP\FM\  PanelPath0
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Internet Explorer
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Internet Explorer\TypedURLs  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS Management Console
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Microsoft Management Console\Recent File List  
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS Media Player
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\MediaPlayer\Player\Settings\  Client ID
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS Direct3D
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS DirectDraw
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS DirectInput
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\DirectInput\MostRecentApplication\  Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\DirectInput\MostRecentApplication\  Id
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: MS Paint
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List  
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Windows.OpenWith
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList  
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Windows Explorer
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU  
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU  
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Windows Media SDK
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\  ComputerName
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\  UniqueID
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\  VolumeSerialNumber
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Cookie
[i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***)  Cookies
[i] 2013-04-22 18:36:09 Already cleaned: Firefox (*** (default))  Cookies
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Cache
[i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***)  Cache
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Product: Verlauf
[i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***)  History
[i] 2013-04-22 18:36:09 : 
[i] 2013-04-22 18:36:09 Summary: 
[i] 2013-04-22 18:36:09 Errors while cleaning: 0
[i] 2013-04-22 18:36:09 Files moved into quarantine: 4
[i] 2013-04-22 18:36:09 Files successfully cleaned: 133
[+] 2013-04-22 18:36:10 : Gratulation, alles (aus Datei 130422-181356.xml) wurde gelöscht.
         
Thanks in advance!

Last edited by zwn (23.04.2013 at 14:32)
