Habe mir wohl was eingefangen! wssetup.exe Perion Network Ltd.

StefanPT · 05.06.2013, 09:27

Hallo seit neustem erscheint nach dem booten eine Installationsaufforderung für eine Datei namens wssetup.exe

Habe mich bisschen erkundigt (google) und befürchte was schlimmeres. Ich selbst habe noch nix getan.

Könnt ihr mir helfen ?

Grüße Stefan

schrauber · 05.06.2013, 09:52

Hi,

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).

Doppelklick auf die OTL.exe
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

StefanPT · 05.06.2013, 11:25

Hallo Schrauber,

vielen Dank dass du dich meiner annimmst.

Hier die zwei Logfiles.

Grüße

schrauber · 05.06.2013, 12:40

Hi,

Logs bitte in Codetags in den Thread posten.

Kannst Du einen Screenshot von der Meldung machen?

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

StefanPT · 05.06.2013, 14:08

Screenshot hat nicht funktioniert, hab dann mal ein Bild gemacht

Code:

ATTFilter

ComboFix 13-06-05.01 - Stefan Roth 05.06.2013  14:27:44.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1791.826 [GMT 2:00]
ausgeführt von:: c:\users\Stefan Roth\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-05 bis 2013-06-05  ))))))))))))))))))))))))))))))
.
.
2013-06-05 12:46 . 2013-06-05 12:46	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-05 12:46 . 2013-06-05 12:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-05 12:28 . 2013-06-05 12:28	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F68084F8-29BA-400D-AEA7-EB648C67CB5C}\offreg.dll
2013-06-04 08:19 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F68084F8-29BA-400D-AEA7-EB648C67CB5C}\mpengine.dll
2013-06-03 15:36 . 2013-06-03 15:36	--------	d-----w-	c:\program files\iPod
2013-06-03 15:36 . 2013-06-03 15:37	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-03 15:36 . 2013-06-03 15:37	--------	d-----w-	c:\program files\iTunes
2013-05-16 17:37 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-16 13:48 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-16 13:48 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-16 13:48 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-16 13:47 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 13:47 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 13:47 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-16 13:47 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-16 13:47 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 14:29 . 2012-06-22 07:04	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 14:29 . 2012-06-22 07:04	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-06-21 18:35	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-16 13:47	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 13:47	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 13:31	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-04-23 12:26	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-19 10:56 . 2013-03-19 10:56	62464	----a-w-	c:\windows\system32\drivers\usblddaqlib.sys
2013-03-19 10:56 . 2013-03-19 10:56	615424	----a-w-	c:\windows\system32\drivers\usbdaqlib.sys
2013-03-19 10:56 . 2013-03-19 10:56	54784	----a-w-	c:\windows\system32\drivers\CBULWDM.sys
2013-03-19 10:56 . 2013-03-19 10:56	53984	----a-w-	c:\windows\system32\drivers\CBUL32.sys
2013-03-19 10:56 . 2013-03-19 10:56	445568	----a-w-	c:\windows\system32\drivers\pcidaqlib.sys
2013-03-19 10:56 . 2013-03-19 10:56	36480	----a-w-	c:\windows\system32\drivers\mccusb.sys
2013-03-19 05:04 . 2013-04-11 12:16	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 12:16	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-11 12:16	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-11 12:16	69632	----a-w-	c:\windows\system32\smss.exe
2013-03-12 09:53 . 2012-09-27 13:15	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-12 09:53 . 2012-09-27 13:15	782240	----a-w-	c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Stefan Roth\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Stefan Roth\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Stefan Roth\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
c:\users\Stefan Roth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stefan Roth\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VR-NetWorld Auftragsprüfung.lnk - c:\program files\VR-NetWorld\vrtoolcheckorder.exe [2012-8-13 1136640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 CBUL32;Measurement Computing DataAcq;c:\windows\system32\drivers\CBUL32.sys [2013-03-19 53984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-22 239168]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-06-24 86224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 14:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Stefan Roth\AppData\Roaming\Mozilla\Firefox\Profiles\n46xgy0h.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-05  14:50:39
ComboFix-quarantined-files.txt  2013-06-05 12:50
.
Vor Suchlauf: 7 Verzeichnis(se), 15.773.995.008 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 16.553.242.624 Bytes frei
.
- - End Of File - - CEDFF30308F9A446E8779BB4F0F9B778

schrauber · 05.06.2013, 14:55

Faszinierend das CF den Startpunkt nicht sieht, dann anders

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Scan.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

StefanPT · 05.06.2013, 15:16

OK Scan ist durchgelaufen, hier die logs

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Stefan Roth (administrator) on 05-06-2013 16:03:39
Running from C:\Users\Stefan Roth\Desktop
Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Stefan Roth\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1313640 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624248 2007-05-10] (Adobe Systems Inc.)
HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM\...\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKCU\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1828136 2008-02-28] (Nero AG)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1174016 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Stefan Roth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Stefan Roth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan Roth\AppData\Roaming\Mozilla\Firefox\Profiles\n46xgy0h.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-06-24] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-06-24] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-06-24] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
S1 CBUL32; C:\Windows\system32\drivers\CBUL32.sys [53984 2013-03-19] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-06-22] (DT Soft Ltd)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 catchme; \??\C:\Users\STEFAN~1\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-05 16:03 - 2013-06-05 16:03 - 00000000 ____D C:\FRST
2013-06-05 16:02 - 2013-06-05 16:00 - 01357013 ____A (Farbar) C:\Users\Stefan Roth\Desktop\FRST.exe
2013-06-05 14:50 - 2013-06-05 14:50 - 00010689 ____A C:\ComboFix.txt
2013-06-05 14:23 - 2013-06-05 14:50 - 00000000 ____D C:\ComboFix
2013-06-05 14:23 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-05 14:23 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-05 14:23 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-05 14:22 - 2013-06-05 14:50 - 00000000 ____D C:\Qoobox
2013-06-05 14:22 - 2013-06-05 14:48 - 00000000 ____D C:\Windows\erdnt
2013-06-05 14:20 - 2013-06-05 13:59 - 05077996 ____R (Swearware) C:\Users\Stefan Roth\Desktop\ComboFix.exe
2013-06-05 11:24 - 2013-06-05 11:24 - 00059162 ____A C:\Users\Stefan Roth\Desktop\Extras.Txt
2013-06-05 11:18 - 2013-06-05 11:18 - 00049014 ____A C:\Users\Stefan Roth\Desktop\OTL.Txt
2013-06-05 10:57 - 2013-06-05 10:56 - 00602112 ____A (OldTimer Tools) C:\Users\Stefan Roth\Desktop\OTL.exe
2013-06-03 17:36 - 2013-06-03 17:37 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-03 17:36 - 2013-06-03 17:37 - 00000000 ____D C:\Program Files\iTunes
2013-06-03 17:36 - 2013-06-03 17:36 - 00000000 ____D C:\Program Files\iPod
2013-05-27 12:14 - 2013-05-27 12:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-16 19:45 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 19:45 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 19:45 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 19:45 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 19:45 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 19:45 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 19:45 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 19:45 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 19:45 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 19:45 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 19:45 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 19:45 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 19:45 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 19:45 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 19:37 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 19:37 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 15:48 - 2013-04-10 05:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 15:48 - 2013-03-19 06:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 15:48 - 2013-03-19 05:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 15:47 - 2013-04-10 07:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 15:47 - 2013-04-10 07:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 15:47 - 2013-02-27 07:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 15:47 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 15:47 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 15:47 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 15:47 - 2013-02-27 06:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

==================== One Month Modified Files and Folders ========

2013-06-05 16:03 - 2013-06-05 16:03 - 00000000 ____D C:\FRST
2013-06-05 16:00 - 2013-06-05 16:02 - 01357013 ____A (Farbar) C:\Users\Stefan Roth\Desktop\FRST.exe
2013-06-05 15:29 - 2012-06-22 09:04 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-05 15:02 - 2009-07-14 06:34 - 00021664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-05 15:02 - 2009-07-14 06:34 - 00021664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-05 14:58 - 2012-06-22 11:39 - 00000000 ____D C:\Users\Stefan Roth\AppData\Local\40265332-9B96-41A6-98B9-5F5470C8933D.aplzod
2013-06-05 14:56 - 2012-06-21 21:20 - 00000000 ____D C:\Users\Stefan Roth\AppData\Roaming\Dropbox
2013-06-05 14:55 - 2012-06-22 07:47 - 00000000 ___RD C:\Users\Stefan Roth\Dropbox
2013-06-05 14:54 - 2012-06-22 10:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-05 14:54 - 2012-06-21 19:54 - 01895354 ____A C:\Windows\WindowsUpdate.log
2013-06-05 14:54 - 2010-11-20 23:48 - 00095070 ____A C:\Windows\PFRO.log
2013-06-05 14:54 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 14:54 - 2009-07-14 06:39 - 00046607 ____A C:\Windows\setupact.log
2013-06-05 14:50 - 2013-06-05 14:50 - 00010689 ____A C:\ComboFix.txt
2013-06-05 14:50 - 2013-06-05 14:23 - 00000000 ____D C:\ComboFix
2013-06-05 14:50 - 2013-06-05 14:22 - 00000000 ____D C:\Qoobox
2013-06-05 14:50 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-06-05 14:48 - 2013-06-05 14:22 - 00000000 ____D C:\Windows\erdnt
2013-06-05 14:46 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-05 13:59 - 2013-06-05 14:20 - 05077996 ____R (Swearware) C:\Users\Stefan Roth\Desktop\ComboFix.exe
2013-06-05 11:24 - 2013-06-05 11:24 - 00059162 ____A C:\Users\Stefan Roth\Desktop\Extras.Txt
2013-06-05 11:18 - 2013-06-05 11:18 - 00049014 ____A C:\Users\Stefan Roth\Desktop\OTL.Txt
2013-06-05 10:56 - 2013-06-05 10:57 - 00602112 ____A (OldTimer Tools) C:\Users\Stefan Roth\Desktop\OTL.exe
2013-06-03 17:37 - 2013-06-03 17:36 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-03 17:37 - 2013-06-03 17:36 - 00000000 ____D C:\Program Files\iTunes
2013-06-03 17:36 - 2013-06-03 17:36 - 00000000 ____D C:\Program Files\iPod
2013-06-03 17:36 - 2012-06-21 21:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-05-29 12:06 - 2012-06-22 13:50 - 00000000 ____D C:\Users\Stefan Roth\AppData\Roaming\FileZilla
2013-05-29 12:05 - 2012-06-21 21:32 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-05-28 13:01 - 2012-06-22 10:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-27 12:14 - 2013-05-27 12:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 18:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-05-17 17:54 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-17 15:53 - 2009-07-14 06:33 - 01794488 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 15:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-16 19:47 - 2012-06-21 21:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 19:41 - 2010-11-20 23:01 - 01518986 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-16 19:33 - 2012-06-22 11:13 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 16:29 - 2012-06-22 09:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-16 16:29 - 2012-06-22 09:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-06-03 16:12

==================== End Of Log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by Stefan Roth at 2013-06-05 16:05:36 Run:
Running from C:\Users\Stefan Roth\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.0)
Adobe After Effects CS3 Presets (Version: 8)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Recommended Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Extra Settings (Version: 1.0)
Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Flash Player 9 ActiveX (Version: 9.0.45.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
Allway Sync version 11.7.0
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Audiograbber 1.83 SE  (Version: 1.83 SE)
Avira Free Antivirus (Version: 12.1.9.1236)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-5890CN (Version: 1.0.1.0)
DAEMON Tools Lite (Version: 4.45.1.0236)
Dropbox (Version: 1.6.18)
ElsterFormular (Version: 14.1.11318)
FileZilla Client 3.7.0.2 (Version: 3.7.0.2)
iCloud (Version: 2.1.2.8)
IrfanView (remove only) (Version: 4.32)
iTunes (Version: 11.0.3.42)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
medo.check personal training & firmentfitness 2.9.2 (Version: 2.9.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728)
Miranda IM 0.10.8 (Version: 0.10.8)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Name (Version: 2.9.0)
Nero 8 (Version: 8.3.18)
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Treiber 310.90 (Version: 310.90)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Grafiktreiber 310.90 (Version: 310.90)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1090)
NVIDIA Systemsteuerung 310.90 (Version: 310.90)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
PDF Settings (Version: 1.0)
PDFCreator (Version: 1.4.1)
SweetIM for Messenger 3.7 (Version: 3.7.0007)
TeamViewer 8 (Version: 8.0.17396)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update Manager for SweetPacks 1.1 (Version: 1.1.0008)
VCRedistSetup (Version: 1.0.0)
Video Converter Bundle by SweetPacks (Version: 1.0.0.0)
VLC media player 2.0.3 (Version: 2.0.3)
VR-NetWorld
Winamp (Version: 5.63 )
winlactat 4.0.0.30
winlactat 4.2.0.47 (Version: 4.2)
WinRAR 4.10 (32-Bit) (Version: 4.10.0)

==================== Restore Points  =========================

05-06-2013 12:23:27 ComboFix created restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2013 02:56:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2013 02:16:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2013 02:10:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2013 02:01:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2013 10:06:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2013 04:58:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2013 00:26:56 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/06/04 12:26:56.687]: [00001808]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (06/04/2013 00:26:55 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/06/04 12:26:55.671]: [00001808]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (06/04/2013 00:02:29 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/06/04 12:02:29.492]: [00001808]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (06/04/2013 00:02:28 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/06/04 12:02:28.489]: [00001808]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5


System errors:
=============
Error: (06/05/2013 02:57:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/05/2013 02:57:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/05/2013 02:55:31 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CBUL32

Error: (06/05/2013 02:46:53 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/05/2013 02:36:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/05/2013 02:27:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/05/2013 02:17:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/05/2013 02:17:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/05/2013 02:14:59 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
CBUL32

Error: (06/05/2013 02:11:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (05/05/2013 02:13:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1040 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (09/06/2012 01:17:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7314 seconds with 2520 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 1791.24 MB
Available physical RAM: 791.84 MB
Total Pagefile: 3582.48 MB
Available Pagefile: 2165.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:60 GB) (Free:15.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:238.08 GB) (Free:141 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0E8A14FC)
Partition 1: (Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=OF Extended)

==================== End Of Log ============================

schrauber · 05.06.2013, 16:21

Hi,

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST Log bitte.

StefanPT · 05.06.2013, 16:53

Hallo,

die Installationsaufforderung kam nach dem von adwcleaner durchgeführten neustart nicht mehr!!!

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 05/06/2013 um 17:31:43 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Stefan Roth - STEFANROTH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan Roth\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Program Files\sweetpacks bundle uninstaller
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Stefan Roth\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Stefan Roth\AppData\Roaming\Mozilla\Firefox\Profiles\n46xgy0h.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [11142 octets] - [05/06/2013 17:31:43]

########## EOF - C:\AdwCleaner[S1].txt - [11203 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Stefan Roth on 05.06.2013 at 17:39:12,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Stefan Roth\AppData\Roaming\mozilla\firefox\profiles\n46xgy0h.default\minidumps [191 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.06.2013 at 17:42:59,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Stefan Roth (administrator) on 05-06-2013 17:47:17
Running from C:\Users\Stefan Roth\Desktop
Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Stefan Roth\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1313640 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624248 2007-05-10] (Adobe Systems Inc.)
HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKCU\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1828136 2008-02-28] (Nero AG)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1174016 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Stefan Roth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Stefan Roth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Stefan Roth\AppData\Roaming\Mozilla\Firefox\Profiles\n46xgy0h.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-06-24] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-06-24] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-06-24] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-12-15] (Avira GmbH)
S1 CBUL32; C:\Windows\system32\drivers\CBUL32.sys [53984 2013-03-19] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-06-22] (DT Soft Ltd)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 catchme; \??\C:\Users\STEFAN~1\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-05 17:42 - 2013-06-05 17:42 - 00000919 ____A C:\Users\Stefan Roth\Desktop\JRT.txt
2013-06-05 17:39 - 2013-06-05 17:39 - 00000000 ____D C:\Windows\ERUNT
2013-06-05 17:39 - 2013-06-05 17:39 - 00000000 ____D C:\JRT
2013-06-05 17:38 - 2013-06-05 17:38 - 00011273 ____A C:\Users\Stefan Roth\Desktop\AdwCleaner[S1].txt
2013-06-05 17:31 - 2013-06-05 17:32 - 00011273 ____A C:\AdwCleaner[S1].txt
2013-06-05 17:30 - 2013-06-05 17:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Stefan Roth\Desktop\JRT.exe
2013-06-05 17:30 - 2013-06-05 17:29 - 00632031 ____A C:\Users\Stefan Roth\Desktop\adwcleaner.exe
2013-06-05 16:05 - 2013-06-05 16:06 - 00013898 ____A C:\Users\Stefan Roth\Desktop\Addition.txt
2013-06-05 16:03 - 2013-06-05 16:03 - 00000000 ____D C:\FRST
2013-06-05 16:02 - 2013-06-05 16:00 - 01357013 ____A (Farbar) C:\Users\Stefan Roth\Desktop\FRST.exe
2013-06-05 14:50 - 2013-06-05 14:50 - 00010689 ____A C:\ComboFix.txt
2013-06-05 14:23 - 2013-06-05 14:50 - 00000000 ____D C:\ComboFix
2013-06-05 14:23 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-05 14:23 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-05 14:23 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-05 14:23 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-05 14:22 - 2013-06-05 14:50 - 00000000 ____D C:\Qoobox
2013-06-05 14:22 - 2013-06-05 14:48 - 00000000 ____D C:\Windows\erdnt
2013-06-05 14:20 - 2013-06-05 13:59 - 05077996 ____R (Swearware) C:\Users\Stefan Roth\Desktop\ComboFix.exe
2013-06-05 11:24 - 2013-06-05 11:24 - 00059162 ____A C:\Users\Stefan Roth\Desktop\Extras.Txt
2013-06-05 11:18 - 2013-06-05 11:18 - 00049014 ____A C:\Users\Stefan Roth\Desktop\OTL.Txt
2013-06-05 10:57 - 2013-06-05 10:56 - 00602112 ____A (OldTimer Tools) C:\Users\Stefan Roth\Desktop\OTL.exe
2013-06-03 17:36 - 2013-06-03 17:37 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-03 17:36 - 2013-06-03 17:37 - 00000000 ____D C:\Program Files\iTunes
2013-06-03 17:36 - 2013-06-03 17:36 - 00000000 ____D C:\Program Files\iPod
2013-05-27 12:14 - 2013-05-27 12:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-16 19:45 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 19:45 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 19:45 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 19:45 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 19:45 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 19:45 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 19:45 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 19:45 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 19:45 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 19:45 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 19:45 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 19:45 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 19:45 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 19:45 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 19:37 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 19:37 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 15:48 - 2013-04-10 05:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 15:48 - 2013-03-19 06:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 15:48 - 2013-03-19 05:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 15:47 - 2013-04-10 07:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 15:47 - 2013-04-10 07:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 15:47 - 2013-02-27 07:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 15:47 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 15:47 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 15:47 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 15:47 - 2013-02-27 06:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

==================== One Month Modified Files and Folders ========

2013-06-05 17:45 - 2012-06-22 11:39 - 00000000 ____D C:\Users\Stefan Roth\AppData\Local\40265332-9B96-41A6-98B9-5F5470C8933D.aplzod
2013-06-05 17:45 - 2010-11-20 23:01 - 01526060 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-05 17:42 - 2013-06-05 17:42 - 00000919 ____A C:\Users\Stefan Roth\Desktop\JRT.txt
2013-06-05 17:41 - 2009-07-14 06:34 - 00021664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-05 17:41 - 2009-07-14 06:34 - 00021664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-05 17:39 - 2013-06-05 17:39 - 00000000 ____D C:\Windows\ERUNT
2013-06-05 17:39 - 2013-06-05 17:39 - 00000000 ____D C:\JRT
2013-06-05 17:38 - 2013-06-05 17:38 - 00011273 ____A C:\Users\Stefan Roth\Desktop\AdwCleaner[S1].txt
2013-06-05 17:34 - 2012-06-22 07:47 - 00000000 ___RD C:\Users\Stefan Roth\Dropbox
2013-06-05 17:34 - 2012-06-21 21:20 - 00000000 ____D C:\Users\Stefan Roth\AppData\Roaming\Dropbox
2013-06-05 17:33 - 2012-06-22 10:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-05 17:33 - 2012-06-21 19:54 - 01916398 ____A C:\Windows\WindowsUpdate.log
2013-06-05 17:33 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 17:33 - 2009-07-14 06:39 - 00046663 ____A C:\Windows\setupact.log
2013-06-05 17:32 - 2013-06-05 17:31 - 00011273 ____A C:\AdwCleaner[S1].txt
2013-06-05 17:30 - 2013-06-05 17:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Stefan Roth\Desktop\JRT.exe
2013-06-05 17:29 - 2013-06-05 17:30 - 00632031 ____A C:\Users\Stefan Roth\Desktop\adwcleaner.exe
2013-06-05 17:29 - 2012-06-22 09:04 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-05 16:06 - 2013-06-05 16:05 - 00013898 ____A C:\Users\Stefan Roth\Desktop\Addition.txt
2013-06-05 16:03 - 2013-06-05 16:03 - 00000000 ____D C:\FRST
2013-06-05 16:00 - 2013-06-05 16:02 - 01357013 ____A (Farbar) C:\Users\Stefan Roth\Desktop\FRST.exe
2013-06-05 14:54 - 2010-11-20 23:48 - 00095070 ____A C:\Windows\PFRO.log
2013-06-05 14:50 - 2013-06-05 14:50 - 00010689 ____A C:\ComboFix.txt
2013-06-05 14:50 - 2013-06-05 14:23 - 00000000 ____D C:\ComboFix
2013-06-05 14:50 - 2013-06-05 14:22 - 00000000 ____D C:\Qoobox
2013-06-05 14:50 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-06-05 14:48 - 2013-06-05 14:22 - 00000000 ____D C:\Windows\erdnt
2013-06-05 14:46 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-05 13:59 - 2013-06-05 14:20 - 05077996 ____R (Swearware) C:\Users\Stefan Roth\Desktop\ComboFix.exe
2013-06-05 11:24 - 2013-06-05 11:24 - 00059162 ____A C:\Users\Stefan Roth\Desktop\Extras.Txt
2013-06-05 11:18 - 2013-06-05 11:18 - 00049014 ____A C:\Users\Stefan Roth\Desktop\OTL.Txt
2013-06-05 10:56 - 2013-06-05 10:57 - 00602112 ____A (OldTimer Tools) C:\Users\Stefan Roth\Desktop\OTL.exe
2013-06-03 17:37 - 2013-06-03 17:36 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-03 17:37 - 2013-06-03 17:36 - 00000000 ____D C:\Program Files\iTunes
2013-06-03 17:36 - 2013-06-03 17:36 - 00000000 ____D C:\Program Files\iPod
2013-06-03 17:36 - 2012-06-21 21:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-05-29 12:06 - 2012-06-22 13:50 - 00000000 ____D C:\Users\Stefan Roth\AppData\Roaming\FileZilla
2013-05-29 12:05 - 2012-06-21 21:32 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-05-28 13:01 - 2012-06-22 10:34 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-27 12:14 - 2013-05-27 12:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 18:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-05-17 17:54 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-17 15:53 - 2009-07-14 06:33 - 01794488 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 15:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-16 19:47 - 2012-06-21 21:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 19:33 - 2012-06-22 11:13 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 16:29 - 2012-06-22 09:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-16 16:29 - 2012-06-22 09:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-06-03 16:12

==================== End Of Log ============================

schrauber · 05.06.2013, 19:48

Supi

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches OTL log bitte.

StefanPT · 06.06.2013, 09:30

So nun endlich gehts weiter, der Online scan hat mich etwas aufgehalten (12h)

eset log

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5e9465d040e214459e44465afc0bd8b8
# engine=14007
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-06 07:43:23
# local_time=2013-06-06 09:43:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 100 60111 235931493 52865 0
# compatibility_mode=5893 16776573 100 94 57572 122135794 0 0
# scanned=232010
# found=1
# cleaned=0
# scan_time=43903
sh=1F149B764335ADDCAB571FE8FD43B27757C76049 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan" ac=I fn="F:\Sicherung Tina\Hallo Sommer\koma lambada - best track ever.mp3"

security Check log - das ist bestimmt schiefgelaufen, oder sollte das rauskommen?

Code:

ATTFilter

UNSUPPORTED OPERATING SYSTEM! ABORTED!

OTL log

Code:

ATTFilter

OTL logfile created on: 06.06.2013 10:05:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan Roth\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 46,94% Memory free
3,50 Gb Paging File | 2,10 Gb Available in Paging File | 59,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 14,89 Gb Free Space | 24,82% Space Free | Partition Type: NTFS
Drive D: | 238,08 Gb Total Space | 141,00 Gb Free Space | 59,22% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 80,72 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 95,59 Gb Free Space | 64,14% Space Free | Partition Type: NTFS
 
Computer Name: STEFANROTH-PC | User Name: Stefan Roth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan Roth\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Users\Stefan Roth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\ipmgui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\14850aef08b8af036fd6f1e5b38a3719\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Programme\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.DEU ()
MOD - C:\Programme\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\STEFAN~1\AppData\Local\Temp\catchme.sys File not found
DRV - (CBUL32) -- C:\Windows\System32\drivers\CBUL32.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 EF EC 18 2D 20 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.27 12:14:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.27 12:14:38 | 000,000,000 | ---D | M]
 
[2012.06.21 20:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Roth\AppData\Roaming\mozilla\Extensions
[2012.10.23 09:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Roth\AppData\Roaming\mozilla\Firefox\Profiles\n46xgy0h.default\extensions
[2013.05.27 12:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.27 12:14:51 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Users\Stefan Roth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan Roth\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54EB68A8-F786-4164-AB41-071FC0E5B6B9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 21:28:45 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Stefan Roth\Desktop\esetsmartinstaller_enu.exe
[2013.06.05 17:39:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.05 17:39:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.05 17:30:50 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Stefan Roth\Desktop\JRT.exe
[2013.06.05 16:03:17 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.05 16:02:16 | 001,357,013 | ---- | C] (Farbar) -- C:\Users\Stefan Roth\Desktop\FRST.exe
[2013.06.05 14:50:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.05 14:50:43 | 000,000,000 | ---D | C] -- C:\Users\Stefan Roth\AppData\Local\temp
[2013.06.05 14:46:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.05 14:23:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.05 14:23:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.05 14:23:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.05 14:23:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.05 14:22:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.05 14:22:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.05 14:20:30 | 005,077,996 | R--- | C] (Swearware) -- C:\Users\Stefan Roth\Desktop\ComboFix.exe
[2013.06.05 10:57:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan Roth\Desktop\OTL.exe
[2013.06.03 17:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.03 17:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.03 17:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.03 17:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.06.03 17:30:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.05.27 12:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.16 19:45:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 19:45:11 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 19:45:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 19:45:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.16 19:45:08 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 19:45:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.16 19:45:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.16 19:37:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 15:48:03 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 15:48:00 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 15:47:49 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 15:47:40 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.16 15:47:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.06 10:03:01 | 000,890,839 | ---- | M] () -- C:\Users\Stefan Roth\Desktop\SecurityCheck.exe
[2013.06.06 09:29:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 21:28:14 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Stefan Roth\Desktop\esetsmartinstaller_enu.exe
[2013.06.05 21:27:21 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.05 21:27:21 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.05 21:27:21 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.05 21:27:21 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.05 17:41:38 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 17:41:38 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 17:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 17:33:29 | 1408,688,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 17:30:31 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Stefan Roth\Desktop\JRT.exe
[2013.06.05 17:29:56 | 000,632,031 | ---- | M] () -- C:\Users\Stefan Roth\Desktop\adwcleaner.exe
[2013.06.05 16:00:28 | 001,357,013 | ---- | M] (Farbar) -- C:\Users\Stefan Roth\Desktop\FRST.exe
[2013.06.05 13:59:03 | 005,077,996 | R--- | M] (Swearware) -- C:\Users\Stefan Roth\Desktop\ComboFix.exe
[2013.06.05 10:56:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan Roth\Desktop\OTL.exe
[2013.05.17 15:53:04 | 001,794,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 16:29:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.16 16:29:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.08 15:05:57 | 001,767,105 | ---- | M] () -- C:\Users\Stefan Roth\Desktop\LBS_Kontoauszug2.jpg
[2013.05.08 15:05:23 | 003,116,186 | ---- | M] () -- C:\Users\Stefan Roth\Desktop\Wüstenrot_Kontoauszug.jpg
[2013.05.08 15:04:44 | 001,751,171 | ---- | M] () -- C:\Users\Stefan Roth\Desktop\LBS_Kontoauszug1.jpg
 
========== Files Created - No Company Name ==========
 
[2013.06.06 10:03:22 | 000,890,839 | ---- | C] () -- C:\Users\Stefan Roth\Desktop\SecurityCheck.exe
[2013.06.05 17:30:35 | 000,632,031 | ---- | C] () -- C:\Users\Stefan Roth\Desktop\adwcleaner.exe
[2013.06.05 14:23:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.05 14:23:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.05 14:23:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.05 14:23:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.05 14:23:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.08 15:05:56 | 001,767,105 | ---- | C] () -- C:\Users\Stefan Roth\Desktop\LBS_Kontoauszug2.jpg
[2013.05.08 15:05:22 | 003,116,186 | ---- | C] () -- C:\Users\Stefan Roth\Desktop\Wüstenrot_Kontoauszug.jpg
[2013.05.08 15:04:43 | 001,751,171 | ---- | C] () -- C:\Users\Stefan Roth\Desktop\LBS_Kontoauszug1.jpg
[2013.03.19 12:56:00 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\CBULWDM.sys
[2013.03.19 12:56:00 | 000,053,984 | ---- | C] () -- C:\Windows\System32\drivers\CBUL32.sys
[2012.11.02 15:08:13 | 000,038,435 | ---- | C] () -- C:\Users\Stefan Roth\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.11.01 15:55:00 | 000,001,024 | ---- | C] () -- C:\Users\Stefan Roth\.rnd
[2012.10.03 15:02:02 | 000,001,040 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.10.03 15:02:02 | 000,000,166 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.10.03 15:01:16 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08a.dat
[2012.10.03 15:01:13 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.10.03 15:01:13 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.10.03 15:00:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.10.03 15:00:35 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.10.03 15:00:35 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.09.28 14:56:28 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.07.14 10:51:57 | 000,007,680 | ---- | C] () -- C:\Users\Stefan Roth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.22 18:24:07 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2012.06.22 10:51:02 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extra OTL log

Code:

ATTFilter

OTL Extras logfile created on: 06.06.2013 10:05:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan Roth\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 46,94% Memory free
3,50 Gb Paging File | 2,10 Gb Available in Paging File | 59,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 14,89 Gb Free Space | 24,82% Space Free | Partition Type: NTFS
Drive D: | 238,08 Gb Total Space | 141,00 Gb Free Space | 59,22% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 80,72 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 95,59 Gb Free Space | 64,14% Space Free | Partition Type: NTFS
 
Computer Name: STEFANROTH-PC | User Name: Stefan Roth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19316D21-91FA-4578-B931-1CD269B0D8BA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1D6F35E3-E6BE-46CE-8E00-15CF856697AD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2D15DAB5-328D-469B-AF41-D1EAEA64C1E3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3A01797D-9DB5-431E-801A-6E8245A53FFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{43DB0817-6616-4502-A20F-3C4511C4F4FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4AAD41E5-B619-40E4-A158-CBF8D8D474F2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{56C4E0B4-C44E-4F53-9B00-90077097EF4C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5B75D1BD-7CE7-4F7A-B973-C9E7A90722B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6F5431CD-C70E-461C-85B5-0EBF0238D35E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{730AF2D7-8CDF-46FA-AA33-5B7017166A30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{752E0DA5-F9E0-4FD2-A194-7F865ADD7838}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{805872A9-A59D-4CC7-B363-5F81F35FC2C8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{825B2930-1E9E-4AE9-9510-16A69FBCAA31}" = lport=137 | protocol=17 | dir=in | app=system | 
"{84ED2606-5850-41D3-A991-BC8E3C20CDB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{97509E21-B80A-4F97-A43C-8D233C029C54}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AC01902F-9474-42AA-9687-8A0AD816A3F9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD0780A9-3544-472C-A1CD-C5D78E0BE4B8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B1B8B1FB-F2FA-48BD-9FCD-E3D46FF6FA2C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B8E366A3-DD70-4D17-B794-F8B518E7C601}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C41D25CC-90AE-4442-9E3E-35ECDAEC683E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D0A24DC4-92B9-4685-88E5-C34891857C7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9A18A10-43A2-4E1A-B490-D7BDB1E2CF9E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F5AC668D-DF9E-430E-9951-00B0564F9E4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F822A9F5-259F-4375-8C36-766532995F37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0847FB67-1E9E-4691-ACB3-2554CC05E8F9}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{0DA9C514-8731-4A73-BB5F-5EAEE05424A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{153CA06B-87C9-433F-B01D-4EB0C748ADEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{21362896-484F-4288-AA49-E6A1059CEFE3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{31FF19EF-E923-481A-853D-9F2C43AC9CA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{39D4B1FC-A059-4BCD-9F1F-1A952BE7CECB}" = protocol=6 | dir=in | app=c:\users\stefan roth\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3AD83F5F-C37C-43C5-905C-8F06CE56EBA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4EB9FD71-24F8-4229-9E65-18F4837C63D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{759EA5D3-EA92-4729-AFF4-C215251FC613}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{75CBA06C-E683-49EA-94D4-C89849534E37}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{891EE0AA-8085-49BE-B168-AAE2B5EC9B93}" = protocol=17 | dir=in | app=c:\users\stefan roth\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8EF53B52-2244-4402-90C7-FDD8B2698E4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{96792FBC-08A4-4C02-9C8B-0182FA46FAC4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{99EA8F84-EF6F-4708-A60D-AB1109E2D588}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{A46DD562-3348-473B-BA8E-95A7F3F8ABB0}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A7DD7160-BB6C-4AAC-9C10-3C6C3D072B70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9E71DBE-3A0F-4B09-A212-8E69CF6B1042}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{B4C27B8C-F1D7-424B-AA5E-DEAB3FE1F52C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BBCEA311-7A6B-4D4B-B583-3D240C192BD4}" = protocol=6 | dir=out | app=system | 
"{BD249211-FFD8-4C44-87B7-F5484D165A8B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C001B5F1-829A-4432-80D7-5B405EA9976B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD6C1C0D-5965-472D-9F81-2A0D3BE926E4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{CDCDB02E-4E49-4E44-B98E-CB80A22F3029}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFA75803-B877-43EA-86E9-AD429A3E805C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D00874DD-3909-4E76-8268-4D622FBC255E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F079CD03-8282-4000-9930-80D1A3A43A13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F4C9997C-2088-4FE0-AF21-CE26D6089584}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FAB822CA-B7F7-4350-9A26-8B79B719BCF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB9A90D7-A354-49D6-BBBB-7CB459AEF676}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE45106A-3D58-432A-81A7-7E027E6A35EA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{131667E7-BEA7-4820-9E12-37D952F594F0}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{61512CC7-B2A8-4302-8B1C-B61D661AB0AE}D:\medo.check\medocheck.startup.exe" = protocol=6 | dir=in | app=d:\medo.check\medocheck.startup.exe | 
"TCP Query User{A1AF15AC-D994-44EC-9E80-B87DA305EB51}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{CBF3D028-E20B-4201-A364-DDE9C34EB302}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{D0C5F31F-3D12-4B60-B172-A2662B40A70D}C:\mesics\winlactat40\updates\updater.exe" = protocol=6 | dir=in | app=c:\mesics\winlactat40\updates\updater.exe | 
"TCP Query User{DDE10299-ACFA-46AF-B152-B904C10D32FE}C:\users\stefan roth\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\stefan roth\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1CA98C6C-BCBE-49CF-BCBF-175800294877}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{26CA82F6-0CCF-4453-B724-B5CF35A318D9}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{47408275-B5AA-4E5F-9499-168279CA30B7}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{7EFAC2B0-574A-4D26-8E3A-76F8C11E4F8F}C:\mesics\winlactat40\updates\updater.exe" = protocol=17 | dir=in | app=c:\mesics\winlactat40\updates\updater.exe | 
"UDP Query User{9CB69EAD-1EFA-4C32-BF9C-1903EE491F6F}C:\users\stefan roth\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\stefan roth\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{EC62B18D-E67C-4F4A-93F1-3D57DBADA6B8}D:\medo.check\medocheck.startup.exe" = protocol=17 | dir=in | app=d:\medo.check\medocheck.startup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-5890CN
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CDC5CB5F-07D4-4F0C-BA0D-CBAF7B712C7E}_is1" = winlactat 4.2.0.47
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F296739D-AF5C-4426-972A-0DC916D11031}" = Nero 8
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Allway Sync_is1" = Allway Sync version 11.7.0
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"ElsterFormular 12.4.1.7699u" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.7.0.2
"IrfanView" = IrfanView (remove only)
"medo.check" = Name
"medo.check personal training & firmentfitness" = medo.check personal training & firmentfitness 2.9.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Miranda IM" = Miranda IM 0.10.8
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"TeamViewer 8" = TeamViewer 8
"Video Converter Bundle by SweetPacks" = Video Converter Bundle by SweetPacks
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"winlactat_is1" = winlactat 4.0.0.30
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 06.09.2012 07:17:30 | Computer Name = StefanRoth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7314
 seconds with 2520 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2013 08:13:22 | Computer Name = StefanRoth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1040
 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.06.2013 11:46:33 | Computer Name = StefanRoth-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 05.06.2013 13:37:25 | Computer Name = StefanRoth-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >

schrauber · 06.06.2013, 10:01

Zitat:

F:\Sicherung Tina\Hallo Sommer\koma lambada - best track ever.mp3

Bitte löschen.

Noch Probleme?

StefanPT · 06.06.2013, 10:32

Hallo Schrauber,

vielen herzlichen Dank. Die Probleme sind alle weg. Hab gerade neu gebootet und alles war gut.

Was soll ich mit den ganzen Programmen machen die ich für den Prozess benötigt habe?
Und die Logfiles?

Grüße

schrauber · 06.06.2013, 11:41

Das räumen wir jetzt auf

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

StefanPT · 06.06.2013, 14:08

Hallo

hat alles super geklappt, vielen Dank nochmal !

Grüße

Habe mir wohl was eingefangen! wssetup.exe Perion Network Ltd.

Plagegeister aller Art und deren Bekämpfung: Habe mir wohl was eingefangen! wssetup.exe Perion Network Ltd.